Paid $920 to enable $140M bank robbery - meet the ultimate cheap insider

[DeusEx 1,895]

In one of Brazil’s largest cyberheists, hackers stole $140 million from six major banks by bribing an IT insider—a developer at C&M, a firm that builds critical financial infrastructure linking banks to Brazil’s Central Bank.

Date of Attack: June 30, 2025

Insider Involved: João Nazareno Roque, a C&M employee

Payment for Betrayal: Just $920 for initial access + $1,850 for executing commands

Arrest: Roque was captured on July 3, 2025, in São Paulo after attempting to evade detection (e.g., swapping phones every 15 days).

How the Hack Unfolded

1️⃣ The Recruitment:

Hackers met Roque near a bar, convincing him to collaborate.

They communicated via Notion, directing him to manipulate C&M’s systems.

2️⃣ The Insider’s Role:

Roque provided his credentials and executed unauthorized transactions.

Attackers exploited PIX, Brazil’s instant-payment system (used by 76.4% of the population).

3️⃣ The Laundering:

$30–40 million was converted to crypto (BTC, ETH, USDT) via Latin American exchanges/OTC platforms.

One bank alone lost $100 million.

Why This Attack Matters

🔴 Supply Chain Weakness: Hackers targeted a third-party vendor, not the banks directly.
🔴 Social Engineering > Hacking: No technical exploits—just bribes and manipulation.
🔴 PIX as a Weapon: Brazil’s real-time payment system became the hackers’ exit route.

The Fallout & Investigation

Three active probes by Brazilian police (hackers’ identities still unknown).

C&M’s Defense: Claims its systems were "secure" and blames "pure social engineering."

Industry Alarm: Questions arise about insider-risk protocols at financial tech providers.

Key Takeaways

✅ Third-Party Risk is Exploding: Vendors with bank access are prime targets.
✅ Insiders Are the New Attack Vector: A $920 bribe can cost millions.
✅ Instant Payments = Instant Theft: PIX’s speed helped hackers vanish funds.

Quote from ZachXBT: "This wasn’t a hack—it was a heist with a keyboard. And it’s a blueprint for future