Overview
- Federal Police arrested João Nazareno Roque on July 3 after he confessed to selling his C&M Software credentials for R$15,000 and aiding in breach-enabling software.
- Authorities are seeking at least four additional accomplices linked to the June 30 attack that drained six banks’ reserve accounts in under three hours.
- Law enforcement has recovered portions of the stolen R$800 million and traced laundered proceeds through Bitcoin, Ethereum, and Tether.
- Brazil’s central bank ordered C&M Software offline on July 2, triggering temporary Pix service disruptions for around 23 smaller banks and fintechs.
- Official analyses confirm that C&M Software’s systems had no technical vulnerabilities, highlighting the breach as a case of social engineering and insider collusion.