While most bank heists involve masked robbers and getaway cars, this Brazilian cybercrime went straight for the digital jugular. In June 2025, a staggering 800 million reais (roughly $140 million) vanished from six financial institutions, all thanks to one tech insider who decided that loyalty had a price tag – and apparently, it wasn’t very high.
João Nazareno Roque, a backend developer at C&M Software, sold out for a mere R$ 5,000 to R$ 15,000 (about the price of a used car). The disgruntled employee handed over corporate credentials that gave hackers the keys to the kingdom. Talk about a terrible return on investment for the banking system. Initial contact with the cybercriminals occurred when Roque was approached by the hackers outside a São Paulo bar.
For the price of a used car, a disgruntled developer sold access to Brazil’s banking system and unleashed digital chaos.
The attackers didn’t waste time. Using C&M’s infrastructure – which connected local banks to Brazil’s Central Bank and PIX payment system – they orchestrated unauthorized transfers like symphony conductors. They even used Notion for real-time control, because apparently, even cybercriminals need proper project management tools these days. Law enforcement managed to freeze R$270 million in assets during their initial response.
The money moved fast. Within hours, $30-40 million was converted into cryptocurrencies – Bitcoin, Ethereum, and USDT – and scattered across exchanges in Brazil, Argentina, and Paraguay. Some crypto desks actually raised eyebrows at the suspicious amounts. A bit late for that, folks.
Roque tried to stay under the radar by constantly switching phones and sticking to electronic communication. But his elaborate game of digital hide-and-seek didn’t last long. Brazilian police nabbed him on July 4, 2025, less than a week after the heist. So much for those evasion tactics.
The breach exposed embarrassing security gaps in what should have been a fortress-like system. No adequate monitoring, weak authentication measures, and a single point of failure that would make any security expert cringe.
The Central Bank had to suspend C&M Software’s system access during the investigation, leaving everyone scrambling. Turns out, trusting one company with the digital keys to multiple banks might not have been the brightest idea in financial history.
