Hackers have stolen nearly $140 million from six major banks in Brazil by exploiting insider access at C&M, a company that provides financial connectivity services.
The breach occurred on June 30, after attackers successfully bribed a C&M employee to hand over sensitive credentials and perform specific actions to support the cyberattack.
According to Brazilian media reports, the employee, João Nazareno Roque, sold his login credentials for approximately $920, granting hackers access to a system linked to Brazil’s Central Bank. Roque later received an additional $1,850 after executing commands within C&M’s systems as instructed via the Notion collaboration platform.
Roque reportedly attempted to cover his tracks by frequently changing mobile phones but was arrested on July 3 in São Paulo. Investigators believe the attackers approached him after identifying him as a potential weak link, similar to a recent Coinbase-related incident in which customer support agents were bribed in India.
Brazilian authorities have launched three separate investigations into the large-scale theft. However, details about the identities of the hackers remain undisclosed.
Meanwhile, blockchain investigator ZachXBT revealed that between $30 million and $40 million of the stolen funds have already been converted into cryptocurrency assets like Bitcoin (BTC), Ethereum (ETH), and USDT. The threat actors allegedly used various crypto exchanges and unlabeled Latin American OTC markets to launder the funds. ZachXBT said he is actively tracking wallet addresses and working with authorities to freeze the stolen assets.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
In a public statement, C&M emphasized that its core systems remain secure and that the breach resulted from social engineering, not a technical vulnerability. The company credited its internal security framework with helping identify the insider activity and supporting the ongoing police investigation.
