Brazil’s $140M Bank Heist Pulled Off With Just $2.7K

Table of Contents

Brazil’s $140M Bank Heist Pulled Off With Just $2.7K

In a stunning breach of cybersecurity, hackers stole an estimated $140 million (R$800 million) from six Brazilian banks by bribing a single IT technician for only $2,700.

The digital heist occurred on June 30, 2025, targeting C&M Software, a critical intermediary linking financial institutions to the Central Bank of Brazil and its widely-used PIX payment system.

Inside the Heist: A $2.7K Bribe for $140M Access

At the center of the operation was João Nazareno Roque, a 48-year-old IT technician. According to reports, Roque was approached in March outside a São Paulo bar by cybercriminals posing as friendly strangers. He was paid R$5,000 (~$920) to hand over his corporate login credentials, followed by another R$10,000 (~$1,850) in cash to execute specific commands inside the system.

Secrecy & Coordination

Roque communicated with the hackers solely through mobile phones, reportedly switching devices every two weeks to avoid detection. Payments were delivered using motorcycle couriers. Despite these efforts, he was arrested by police on July 3, 2025.

A Human Failure, Not a Technical One

C&M Software stated the breach was due to social engineering—not a vulnerability in its systems. Hackers accessed institutional reserve accounts rather than personal customer accounts, making the theft swift and large-scale.

Fallout & Response

Following the breach, the Central Bank of Brazil ordered C&M Software to disconnect from all banking systems, temporarily suspending PIX services.

Authorities have recovered about $55 million (R$270 million), while another $30M–$40M is believed to have been laundered into cryptocurrencies like Bitcoin, Ethereum, and Tether using unregulated exchanges.

ZachXBT, a blockchain investigator, is now working with law enforcement to trace and freeze the laundered digital assets.

What’s Next?

C&M Software says its systems are secure and fully operational again. In a statement, they emphasized:

“The incident was the result of social engineering techniques, not technical failure. Our security infrastructure was essential in detecting and isolating the breach.”

The Central Bank has increased oversight of PIX transactions and is collaborating with investigators to recover more of the stolen funds.

What's Hot

Apple September 9, 2025 Event: iPhone 17, Apple Watch Ultra 3, AirPods Pro 3 & More

India says goodbye to GPS, to have its own desi navigation system, IRNSS

Ad Blockers Could be Banned in Germany

Apple September 9, 2025 Event: iPhone 17, Apple Watch Ultra 3, AirPods Pro 3 & More

India says goodbye to GPS, to have its own desi navigation system, IRNSS

Ad Blockers Could be Banned in Germany

Apple September 9, 2025 Event: iPhone 17, Apple Watch Ultra 3, AirPods Pro 3 & More

India says goodbye to GPS, to have its own desi navigation system, IRNSS

Ad Blockers Could be Banned in Germany

India Squad for Asia Cup 2025

Most Popular

Top 10 Most Popular Torrent Sites 2025

Toss Prediction for Today’s International Matches – February 13, 2025

Apple Agrees to $95 Million Settlement in Siri Privacy Lawsuit

Our Picks

Apple September 9, 2025 Event: iPhone 17, Apple Watch Ultra 3, AirPods Pro 3 & More

India says goodbye to GPS, to have its own desi navigation system, IRNSS

Ad Blockers Could be Banned in Germany

Subscribe to Updates

What's Hot

Massive $140M Bank Robbery in Brazil Cost Only $2,700 to Pull Off

Brazil’s $140M Bank Heist Pulled Off With Just $2.7K

Inside the Heist: A $2.7K Bribe for $140M Access

Secrecy & Coordination

A Human Failure, Not a Technical One

Fallout & Response

What’s Next?

Related Posts

Subscribe to Updates