By Brazil Stock Guide – BTG Pactual (BPAC11) restarted its Pix instant payment service on Monday, March 23, after a cyberattack that reportedly diverted about R$ 100 million ($20 million) forced a precautionary shutdown a day earlier. The bank moved to restore operations and said no client accounts were accessed and no customer data was exposed, containing what could have escalated into a broader disruption.
Scale of the breach
The incident began early Sunday, around 6 a.m., after Brazil’s Central Bank flagged atypical activity linked to BTG’s accounts. According to market reports, the funds — believed to belong to the bank — were routed through multiple financial institutions, before part of the amount was converted into crypto assets. BTG has not officially confirmed the value, but people familiar with the matter say most of the funds were recovered, with losses potentially limited to R$ 20 million to R$ 40 million ($4 million to $8 million).
Official statement
BTG Pactual said it began restoring Pix services on the morning of March 23 after suspending the system as a preventive measure on Sunday. The interruption followed the identification of atypical activity that triggered the bank’s security systems. BTG added that there was no access to client accounts and no exposure of customer data. The bank reiterated that information security remains a priority and said it is available to address any questions through its service channels.
Rapid recovery
The bank resumed operations less than 24 hours after the disruption, signaling that containment protocols were effective. The quick turnaround helped limit systemic risk in Pix, a critical payments rail in Brazil that processes billions of transactions each month. The episode highlights vulnerabilities in the broader financial ecosystem, particularly in integration layers and transaction flows rather than core central bank infrastructure.
Brazil’s Federal Police is investigating the case as BTG works to finalize the recovery of remaining funds and fully normalize operations. For investors, the key question is not the immediate financial loss, but whether the bank can demonstrate that the incident was isolated and that safeguards have been strengthened to prevent recurrence.
