08.07.2025
2 min
526
A C&M employee sold his corporate credentials for $920, which allowed hackers to steal $140 million from six banks in Brazil. Some of the money has already been converted into cryptocurrency, and the investigation is ongoing.
The incident occurred on June 30, 2025. Hackers approached C&M employee João Nazareno Roque after he left a bar and convinced him to hand over access to the company’s internal system. He agreed, receiving $920 for the logins and another $1,850 for performing certain actions in the system through Notion. With access to systems connected to the Central Bank of Brazil, the attackers organized a mass transfer of money. Roque tried to avoid detection by changing his phone number every 15 days, but was arrested on July 3 in São Paulo.
This is not the first example of targeted bribery. In the Coinbase case, the model of involving technical support workers in India to steal data was also used. In the Brazilian case, the police are conducting at least three parallel investigations, but there is no information about the hackers themselves. Expert ZachXBT reported that approximately $ 30-40 million has already been transferred to cryptocurrencies through various exchanges and illegal OTC channels. He continues to monitor the associated crypto wallets and cooperates with the police.
This case shows that technical systems can be well protected, but the human factor remains vulnerable. The attack was carried out exclusively through social engineering, without technical hacking. C&M confirmed that it was the internal security system that allowed it to quickly respond and help law enforcement. The situation demonstrates that staff training and detection of internal threats are no less important than firewalls and encryption.
SEO:
In June 2025, attackers stole $140 million from six Brazilian banks by bribing an employee of the firm C\&M. After gaining access to the system through social engineering, the hackers transferred some of the funds into cryptocurrency.
