Portuguese 
English 
Spanish 
4 min of reading 
0 comments 
Unprecedented Attack Moves Billion-Dollar Figures in Hours and Exposes Failures in the Digital Security System of the Brazilian Financial Sector. Case Mobilizes Authorities and Impacts Institutions Across the Country.
One of the most impressive cyber crimes ever registered in the country shook the Brazilian financial system in July 2025.
The hacker attack, classified by authorities as the largest cyber heist ever perpetrated against financial institutions in Brazil, diverted R$ 541 million through Pix transfers during the early morning hours, according to information released by the Civil Police of the State of São Paulo.
The criminal action targeted C&M Software, a company that provides services to over 20 financial institutions, and resulted in the immediate blocking of large sums and the arrest of one of the individuals involved, João Nazareno Roque.
-
Giant structures 14 meters beneath Egypt are revealed by satellites and expose a millennia-old secret buried in Buto.
-
Children have been making clay pieces for 15,000 years in Southwest Asia, and fingerprints preserved on 142 ornaments helped archaeologists prove this.
-
New semi-autonomous legged robot technology challenges the limitations of space exploration by operating almost without human intervention on the Moon.
-
Super toxic red mineral found in the double burial of two women aged 1,900 years near the banks of the Dnieper River in Ukraine.
Employee Facilitated Access to the System and Allowed Millionaire Fraud
Investigations detail that the invasion began to be orchestrated in March 2025, when João Roque, 42, then an employee of C&M Software, was approached by members of a gang specialized in digital crimes.
According to testimony given to the Civil Police, the initial contact happened after a night out at a bar in the western area of São Paulo, when Roque was sought out by a stranger interested in the internal systems of the company where he worked.
According to the suspect’s account, three other members of the group participated in the negotiations, always using messaging apps and audio calls, without face-to-face meetings with all involved.
After offering an initial amount of R$ 5 thousand, the criminals requested that the employee provide login and access password to the C&M systems.
Subsequently, João Roque reportedly received an additional R$ 10 thousand as compensation, totaling R$ 15 thousand paid for his collaboration.
Strategy of the Hackers and Execution of the Largest Cyber Heist in Financial Institutions
According to investigations conducted by the State Department of Criminal Investigations (Deic), the criminals acted in the early hours of Monday, June 30, 2025.
Taking advantage of the credentials provided by João Roque, the group accessed the system without raising suspicion and carried out a series of electronic transfers via Pix, reaching a total of R$ 541 million.
The money was diverted from BMP’s accounts, a payment institution that had transactions held by C&M, and transferred to other financial institutions.
The hacker attack took place in a short time frame, between 4 AM and 7 AM.
A third financial institution, not yet publicly identified, noticed unusual movements in its accounts and alerted BMP.
Starting at 4:30 AM, the financial department of the victim company was notified of the atypical movement and initiated an internal inquiry, identifying the fraud in real time.
Still during the early morning, the hackers’ operation was interrupted, and emergency meetings were held to assess the extent of the fraud and alert the police authorities.
Dynamics of the Hacker Attack and Police Actions
The Civil Police identified the heist as a qualified theft, carried out through fraud and abuse of trust.
According to Chief Delegate Arthur Dian, the volume of resources involved makes this the largest cyber crime ever recorded against financial institutions in Brazil in a single action.
The integrated work between the police and judicial authorities allowed for the quick identification of those involved and the blocking of suspicious accounts.
On the night of July 3, agents from Deic arrested João Nazareno Roque at his residence, where electronic equipment and devices were seized to be examined to support the investigation.
At the same time, the Justice determined the blocking of R$ 270 million in accounts that, according to the investigation, were used to receive part of the amounts diverted in the heist.
Profile of the Main Suspect and Involvement in the Hacker Attack
In the digital space, João Roque presented himself as a professional with two decades of experience in building and residential electricity, working on projects in AutoCad and having a recent history in technical areas, such as cable TV installation and alarm systems.
In search of reemployment, he began studies in Information Technology, as reported in public professional profiles.
For the Civil Police, his role as an insider, a term that defines the collaborator who provides privileged access to criminals, was crucial for the execution of the crime and allowed the gang to operate unnoticed until alerted by other financial institutions.
Positioning of C&M Software and the Central Bank
In an official statement, C&M Software highlighted that it immediately adopted all technical and legal measures to contain the hacker attack and collaborate with authorities from the very first moment.
The company emphasized that its security structure allowed tracing the origin of the unauthorized access, contributing to the advancement of investigations.
The company also stated that the attack did not originate from systemic failures, but rather from social engineering techniques, a term used to describe methods of psychological manipulation to obtain confidential information, such as credentials and passwords.
The Central Bank of Brazil also expressed itself, clarifying that C&M Software has no contractual relationship nor acts as a contractor for the agency, but only provides services for institutions that offer transactional accounts.
According to the Central Bank, the institution continues to monitor the case in conjunction with the responsible authorities.
-
Uma pessoa reagiu a isso.