Three separate attacks on PIX participant settlement infrastructure have diverted approximately R$1.6 billion since mid-2025. The attacks share a common vector: forging pacs.008 XML payment orders inside the participant's own environment. Participating banks and technology service providers generate and digitally sign these messages before submitting them to the BCB's SPI, so a forged order arrives carrying a valid institutional signature.

Axur Research Team documented this methodology in an October 2025 threat intelligence report attributing the activity to the group it tracks as Plump Spider. Initial access typically begins with vishing: attackers impersonate IT technicians on WhatsApp calls to obtain network credentials, and some operations recruit insiders who already hold access to financial institution networks. Once inside, the attackers deploy PowerShell scripts disguised as documents to map domain controllers, harvest Wi-Fi credentials, and enumerate Active Directory. SoftEther VPN tunnels provide encrypted command-and-control channels that blend with normal HTTPS traffic.
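The discovery phase described above (domain-controller mapping, Wi-Fi credential harvesting, Active Directory enumeration, scripts carrying a document name) leaves traces in PowerShell script-block logging if anyone is watching for the chain rather than for single commands. The following is an added example, not code from Axur or from the original report: a small Python detector run over constructed log lines in a simplified `time|host|path|script_block` layout (not real Event ID 4104 records). The command patterns it matches are this example's own assumptions about what such scripts commonly run, not indicators published for Plump Spider, and the rule names and the `scan`/`hosts_with_chain` helpers are likewise invented here.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    rule: str
    evidence: str


# Indicator rules: (name, field the regex is applied to, pattern). The commands
# are standard Windows/AD tooling; treating them as indicators of the discovery
# chain in the text is this example's assumption, not a published signature.
RULES = [
    ("dc_mapping", "script",
     re.compile(r"nltest\s+/dclist|Get-ADDomainController|"
                r"\[System\.DirectoryServices\.ActiveDirectory\.Domain\]", re.I)),
    ("wifi_creds", "script",
     re.compile(r"netsh\s+wlan\s+show\s+profiles?.*key=clear|"
                r"netsh\s+wlan\s+export\s+profile", re.I)),
    ("ad_enum", "script",
     re.compile(r"Get-ADUser|Get-ADGroupMember|Get-ADComputer|adsisearcher|ldapsearch", re.I)),
    # "disguised as documents": a document extension followed by a script extension
    ("disguised_script", "path",
     re.compile(r"\.(pdf|docx?|xlsx?|pptx?)\.(ps1|lnk|bat|vbs|js)$", re.I)),
]

# Constructed sample in a simplified "time|host|path|script_block" layout, not
# real Event ID 4104 records. The first host shows the chain; the second is benign.
SAMPLE_LOG = r"""
2025-10-02T09:14:03|WS-FIN-07|C:\Users\ana\Downloads\Fatura_setembro.pdf.ps1|nltest /dclist corp.local; Get-ADDomainController -Filter * | Select-Object HostName,IPv4Address
2025-10-02T09:14:20|WS-FIN-07|C:\Users\ana\Downloads\Fatura_setembro.pdf.ps1|netsh wlan show profiles; netsh wlan show profile name="CORP-WIFI" key=clear
2025-10-02T09:15:01|WS-FIN-07|C:\Users\ana\Downloads\Fatura_setembro.pdf.ps1|Get-ADUser -Filter * -Properties memberOf | Export-Csv .\ad_users.csv
2025-10-02T10:02:44|SRV-BUILD-01|C:\Scripts\deploy.ps1|Get-ChildItem .\artifacts | Copy-Item -Destination \\fileserver\releases
"""


def scan(log_text):
    """Run every rule over every line; return one Finding per rule hit."""
    findings = []
    for line in log_text.strip().splitlines():
        # maxsplit=3 keeps pipes inside the script block intact
        _ts, host, path, script = line.split("|", 3)
        fields = {"path": path, "script": script}
        for name, field_name, pattern in RULES:
            m = pattern.search(fields[field_name])
            if m:
                findings.append(Finding(host, name, m.group(0)))
    return findings


def hosts_with_chain(findings, chain=("dc_mapping", "wifi_creds", "ad_enum")):
    """Hosts on which every stage of the discovery chain was observed.

    Single hits are noisy (administrators run nltest too); the full chain on
    one workstation within minutes is the signal worth paging on.
    """
    seen = {}
    for f in findings:
        seen.setdefault(f.host, set()).add(f.rule)
    return sorted(h for h, rules in seen.items() if set(chain) <= rules)


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.host:12} {f.rule:17} {f.evidence}")
    print("chain complete on:", hosts_with_chain(scan(SAMPLE_LOG)))
```

The per-rule findings are kept separately from the chain decision on purpose: the individual rules are what you tune (an admin jump host will legitimately trip `dc_mapping`), while the chain is what you alert on, and the `disguised_script` hit on the same path is the corroborating detail an analyst wants in the ticket.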

The objective is to reach the environment where pacs.008 payment order XML messages are generated and digitally signed. Attackers forge payment instructions there, and the BCB's SPI accepts them as legitimate: the signature is genuine because the institution's own signing infrastructure produced it; only the instruction behind it is fraudulent.

The most recent incident struck BTG Pactual on March 22, 2026. Approximately R$100 million was diverted from the bank's Conta PI settlement reserves at the Central Bank. BCB monitoring systems detected atypical movements at approximately 6 AM. BTG suspended PIX operations. Service was restored by March 23. Of the diverted funds, R$73 million was recovered. The remainder was dispersed across seven institutions. Some funds were converted to cryptocurrency before recovery teams intervened.

BCB has responded with two regulatory measures. Resolution 538, effective March 1, 2026, mandates multi-factor authentication for PIX and STR administrative access, requires physical and logical isolation of PIX environments from other institutional systems, requires participants to use dedicated cloud computing instances, and requires annual independent penetration testing.

Resolution 554, effective March 30, 2026, introduces a configurable minimum operational balance threshold for Conta PI accounts. If a payment order would push the balance below the configured floor and the participant has pre-activated automatic blocking, the account locks; resuming operations requires manual unblocking through the SPB-Web SPI module. The resolution also introduces a balance monitoring channel independent of the RSFN network.
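The artifact being forged is the pacs.008 message itself, and the Resolution 554 floor is a rule over the balance that message would leave behind; the two fit in one worked example. The following is an added example, not BCB, SPI or participant code: it parses a minimal pacs.008 (ISO 20022 FIToFICustomerCreditTransfer) constructed inline, cross-checks the group header against the transactions, and applies a participant-side mirror of the minimum-balance rule at the point where the batch would otherwise be signed. The generic ISO 20022 layout and namespace version, the constructed message and its placeholder identifiers, the `ContaPI` class with its balances and floor, and the `evaluate_batch`, `manual_unblock` and `check_batch` helpers are all assumptions made here; the SPI's own message profile and the block the BCB applies on its side are not reproduced.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from decimal import Decimal

# Generic ISO 20022 pacs.008 namespace (assumption: the SPI profile is not reproduced here).
NS = {"p": "urn:iso:std:iso:20022:tech:xsd:pacs.008.001.08"}

# Constructed sample batch: one routine transfer and one that would drain the
# settlement account. IDs and names are placeholders, not real identifiers.
SAMPLE_PACS008 = """<?xml version="1.0" encoding="UTF-8"?>
<Document xmlns="urn:iso:std:iso:20022:tech:xsd:pacs.008.001.08">
  <FIToFICstmrCdtTrf>
    <GrpHdr>
      <MsgId>MSG-EXAMPLE-0001</MsgId>
      <CreDtTm>2026-03-22T06:01:12-03:00</CreDtTm>
      <NbOfTxs>2</NbOfTxs>
      <TtlIntrBkSttlmAmt Ccy="BRL">50001500.00</TtlIntrBkSttlmAmt>
      <SttlmInf><SttlmMtd>CLRG</SttlmMtd></SttlmInf>
    </GrpHdr>
    <CdtTrfTxInf>
      <PmtId><EndToEndId>E2E-EXAMPLE-0001</EndToEndId></PmtId>
      <IntrBkSttlmAmt Ccy="BRL">1500.00</IntrBkSttlmAmt>
      <Cdtr><Nm>Fornecedor Exemplo Ltda</Nm></Cdtr>
    </CdtTrfTxInf>
    <CdtTrfTxInf>
      <PmtId><EndToEndId>E2E-EXAMPLE-0002</EndToEndId></PmtId>
      <IntrBkSttlmAmt Ccy="BRL">50000000.00</IntrBkSttlmAmt>
      <Cdtr><Nm>Beneficiario Desconhecido</Nm></Cdtr>
    </CdtTrfTxInf>
  </FIToFICstmrCdtTrf>
</Document>
"""


@dataclass
class Transfer:
    end_to_end_id: str
    amount: Decimal
    creditor: str


def parse_pacs008(xml_text):
    """Extract the credit transfers and verify the GrpHdr totals against them."""
    body = ET.fromstring(xml_text).find("p:FIToFICstmrCdtTrf", NS)
    hdr = body.find("p:GrpHdr", NS)
    declared_count = int(hdr.findtext("p:NbOfTxs", namespaces=NS))
    declared_total = Decimal(hdr.findtext("p:TtlIntrBkSttlmAmt", namespaces=NS))
    txs = [
        Transfer(
            tx.findtext("p:PmtId/p:EndToEndId", namespaces=NS),
            Decimal(tx.findtext("p:IntrBkSttlmAmt", namespaces=NS)),
            tx.findtext("p:Cdtr/p:Nm", default="", namespaces=NS),
        )
        for tx in body.findall("p:CdtTrfTxInf", NS)
    ]
    # A crude forgery that edits one transaction without regenerating the
    # header fails here; a consistently regenerated batch does not.
    if len(txs) != declared_count or sum(t.amount for t in txs) != declared_total:
        raise ValueError("GrpHdr NbOfTxs/TtlIntrBkSttlmAmt do not match the transactions")
    return txs


@dataclass
class ContaPI:
    """Participant-side view of the settlement account (assumed fields)."""
    balance: Decimal
    floor: Decimal          # configured minimum operational balance
    auto_block: bool        # participant pre-activated automatic blocking
    blocked: bool = False


def evaluate_batch(account, txs):
    """Apply the floor rule before the batch is signed.

    Returns (decision, resulting_balance):
      'blocked' - account is locked (already, or because this batch would
                  cross the floor with auto-block active); nothing is sent
      'alert'   - floor crossed without auto-block: sent, but flagged
      'release' - within the floor: sent
    """
    if account.blocked:
        return "blocked", account.balance
    projected = account.balance - sum(t.amount for t in txs)
    if projected < account.floor and account.auto_block:
        account.blocked = True
        return "blocked", account.balance
    account.balance = projected
    return ("alert" if projected < account.floor else "release"), projected


def manual_unblock(account):
    """Out-of-band unblock (in the article, via the SPB-Web SPI module). Only a
    human action reaches this; nothing in the signing path calls it."""
    account.blocked = False


def check_batch(balance, floor, auto_block, xml_text=SAMPLE_PACS008):
    """Convenience: build an account from decimal strings, evaluate one batch,
    and return (decision, balance as string, blocked flag)."""
    acct = ContaPI(Decimal(balance), Decimal(floor), auto_block)
    decision, bal = evaluate_batch(acct, parse_pacs008(xml_text))
    return decision, str(bal), acct.blocked


if __name__ == "__main__":
    print(check_batch("120000000.00", "100000000.00", auto_block=True))  # ('blocked', '120000000.00', True)
```

The header cross-check in `parse_pacs008` only catches the clumsy forgery; an attacker sitting in the generator produces a consistent batch and a valid signature, which is exactly the situation the article describes. That is why the floor decision and the manual, out-of-band unblock sit outside the signing path: they act on the balance the batch would leave, not on whether the batch looks well-formed.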

Institutions reported 76 critical SPI incidents in 2025, up 29% from 59 in 2024. Approximately 65% occurred in the second half of the year. Axur documented Plump Spider expanding its targeting beyond banks to insurance companies, retail businesses, and POS system providers connected to payment settlement infrastructure.

PIX's core SPI infrastructure has never been compromised in any of these incidents. Every successful attack exploited the participant's own systems at the point where pacs.008 messages are assembled and signed. Resolution 554 takes effect March 30, 2026, and full MED 2.0 supervisory enforcement begins in May 2026. The BCB accreditation deadline for PIX payment institutions that are not yet authorized falls on May 1, 2026; after that date, minimum capital requirements and enhanced security standards are expected to reduce the number of weakly defended institutional endpoints connecting to the SPI.