đ SĂŁo Paulo, July 2025 â Brazilian authorities have arrested JoĂŁo Nazareno Roque, an IT employee at software firm C&M, in connection with a cyberattack that siphoned over 540 million reais (approximately $100 million) from the countryâs banking infrastructure. The breach targeted PIX, Brazilâs instant payment system used by more than 76% of the population, and is considered one of the largest financial cybercrimes in the nationâs history.
đ Insider Access and Social Engineering Roque allegedly sold his system credentials to hackers for R$15,000, enabling unauthorized access to C&Mâs systems. He also assisted in developing tools to execute fraudulent PIX transactions. The attack, carried out in a single night, affected at least six financial institutions, though individual clients were not impacted.
đľď¸ Ongoing Investigation
- Police are pursuing four additional suspects believed to be involved in the scheme
- Authorities have frozen R$270 million in assets linked to the operation
- Roque reportedly used burner phones and changed devices every 15 days to avoid detection
đŚ Regulatory Response The Central Bank of Brazil has suspended parts of C&Mâs operations to prevent further breaches. C&M stated the incident stemmed from social engineering, not technical flaws, and confirmed it is cooperating with law enforcement.
đ Security Implications The case highlights vulnerabilities in third-party vendor oversight and the risks posed by insider threats. Experts warn that even robust systems like PIX can be compromised through human error and inadequate access controls.
This breach has prompted calls for stricter cybersecurity protocols across Brazilâs financial sector, including enhanced vetting of IT personnel and real-time monitoring of payment systems.
