A major cyberattack that caused significant damage to the financial system occurred in Brazil on June 30, 2025. This was reported by Zamin.uz.
This attack was notable not only for the large amount of money stolen but also for the serious test of trust in the banking system. According to local media reports, cybercriminals siphoned off a total of 140 million dollars from the accounts of six major banks in the country.
The main participant in this crime was not a bank or information technology specialist, but a regular employee who sold their account information at a low price. The central role in this crime was played by Joao Nazareno Roke, who worked at C&M company.
His simple action undermined the reliability of the entire financial system. He shared his personal account information with cybercriminals for just 2770 dollars.
Additionally, during the attack, he earned an extra 1850 dollars by performing a series of technical operations through the Notion platform. C&M develops software that connects Brazilian banks with the Central Bank.
The attack was carried out precisely through this communication chain, with hackers exploiting vulnerabilities in the PIX payment system. As a result, one of the banks lost approximately 100 million dollars.
This is considered one of the largest cyber threats recorded in the Brazilian financial system. Analysts, including well-known expert ZachXBT, identified that 30–40 million dollars of the stolen funds were converted into cryptocurrency.
The funds were "laundered" through several anonymous trading platforms and secure money exchange systems. These methods allowed cybercriminals to quickly transfer funds to international payment systems without leaving a trace.
This case shows that cyberattacks are carried out not only with software code but also with complex financial strategies. C&M is trying to defend itself.
An official statement emphasized that the attack was carried out not on the company's internal systems but through the employee's "social engineering" method. They believe that technically no code was breached, servers continued to operate, and no damage was done to the systems.
However, this explanation did not satisfy the wider public, as the issue pertains not only to the company but also to the entire payment system and the financial stability of the state. In conclusion, this cyberattack that occurred in Brazil not only led to financial losses but also clearly demonstrated how dangerous the consequences of internal betrayal can be.
An employee's small act for personal gain turned into a major problem for the entire country's financial system. This incident once again confirmed the need for effective measures against attacks that occur through human factors in banks and payment systems.
Financial security is now entering a new phase that requires strict control not only over software but also over human factors.
