Brazil’s $140M Bank Heist Pulled Off With Just $2.7K
In a stunning breach of cybersecurity, hackers stole an estimated $140 million (R$800 million) from six Brazilian banks by bribing a single IT technician for only $2,700.
The digital heist occurred on June 30, 2025, targeting C&M Software, a critical intermediary linking financial institutions to the Central Bank of Brazil and its widely-used PIX payment system.
Inside the Heist: A $2.7K Bribe for $140M Access
At the center of the operation was João Nazareno Roque, a 48-year-old IT technician. According to reports, Roque was approached in March outside a São Paulo bar by cybercriminals posing as friendly strangers. He was paid R$5,000 (~$920) to hand over his corporate login credentials, followed by another R$10,000 (~$1,850) in cash to execute specific commands inside the system.
Secrecy & Coordination
Roque communicated with the hackers solely through mobile phones, reportedly switching devices every two weeks to avoid detection. Payments were delivered using motorcycle couriers. Despite these efforts, he was arrested by police on July 3, 2025.
A Human Failure, Not a Technical One
C&M Software stated the breach was due to social engineering—not a vulnerability in its systems. Hackers accessed institutional reserve accounts rather than personal customer accounts, making the theft swift and large-scale.
Fallout & Response
Following the breach, the Central Bank of Brazil ordered C&M Software to disconnect from all banking systems, temporarily suspending PIX services.
Authorities have recovered about $55 million (R$270 million), while another $30M–$40M is believed to have been laundered into cryptocurrencies like Bitcoin, Ethereum, and Tether using unregulated exchanges.
ZachXBT, a blockchain investigator, is now working with law enforcement to trace and freeze the laundered digital assets.
What’s Next?
C&M Software says its systems are secure and fully operational again. In a statement, they emphasized:
“The incident was the result of social engineering techniques, not technical failure. Our security infrastructure was essential in detecting and isolating the breach.”
The Central Bank has increased oversight of PIX transactions and is collaborating with investigators to recover more of the stolen funds.