Hacker group claims to have invaded Central Bank ‘blockchain’

A blockchain service linked to BC do Brasil, provided by a company in the country, may have been the target of a data breach. According to a publication by a hacker group, 1.8 terabytes have been stolen and made available on the Internet.

Providing blockchain services for the BCB is the Center for Research and Development in Telecommunications (CPQD), a company that hired computer engineers in 2021 who focused on the core technology of cryptocurrencies.

In March 2022, the organization announced the launch of a blockchain solution called CPQD iD. The novelty of a decentralized identity would be used by the Mercado Bitcoin brokerage, in partnership with CPQD, Bitrust and ClearSale, in the LIFT edition.

This is one of nine solutions the Central Bank has chosen to develop digital Real, and it is not clear whether it would have been affected by the cyber attack.

Wanted, the Central Bank of Brazil said none of its data had been leaked.

Blockchain Linked to BC do Brasil Had Leaked Data, Says Page of Hackers Claiming Invasion

The LV ransomware group stands out for its performance comparable to REvil, another that has drawn attention to its forays into corporate and government systems. With ransomware, malware that freezes systems and steals data, these groups have harmed large companies.

And in a post on one of its anonymous blogs, the LV group emphasized that it hacked into a blockchain service of the Central Bank of Brazil and managed to steal 1.8 TB of data. The company DataMinr released this information as a warning, which was also shared by journalist Renan Brites on his Twitter.

“The blockchain service of the Central Bank of Brazil is being affected by the LV ransomware group, with 1.8 TB of leaked data, including blockchain servers.”

Group accuses company of failing to protect user data

In disclosing the alleged data, the LV group continues to accuse CPQD of failing to protect its users’ data. In addition, the group says it would rather sell its data, that of its employees and others, rather than protect customers.

Hacker group claims it obtained data from the Central Bank of Brazil and its blockchain application
Hacker group claims it obtained data from the Central Bank of Brazil and its blockchain application. reproduction

It is clear that a serious cyber breach of a system linked to the Central Bank of Brazil could have serious consequences, with investigations by the federal police and other national security agents. CPQD is also a partner in fostering innovation with BNDES, EMBRAPII, Finep and FUNTTELL.

It is worth remembering that blockchain solutions are usually decentralized, at least those like Bitcoin, for example. In the case of CPQD, blockchain solutions are private and “tailor-made” for the problems of different companies, in a manner similar to distributed databases.

What does the Central Bank of Brazil say?

THE live coins approached the CPDQ to comment on the matter, and the organization denied any issues or data breaches of solutions it is developing.

Information security and the protection of personal data are requirements that have always had special attention at CPQD. The decentralized digital identity solutions developed by the organization based on blockchain, for example, place control over personal data in the hands of the users themselves, precisely to prevent leakage situations or access to sensitive information by unauthorized persons.

In this way, CPQD clarifies that no personal data has been leaked, nor has any customer solutions been compromised, contrary to what is being disclosed.

Moreover, there is currently no blockchain solution developed by CPQD, involving sensitive information of people or companies, by the Central Bank of Brazil. We also clarify that the repositories listed as unprotected refer to tests conducted in-house to ensure the quality of the blockchain solutions developed, without any personal data or sensitive information.

All security protocols maintained by CPQD have already been activated and steps have been taken to investigate the incident and prevent disruption to the operations of customers and partners. Information security is our priority!

The Central Bank of Brazil was also contacted, which said none of its data had been leaked.

“There was no leakage of BC data. CPQD has no access to BC’s internal data.”

Source: Live Coins