Brazilian Banks Lose $140 Million in Hacker Attack

In a significant cybersecurity event, Brazilian banks suffered a substantial financial loss due to a coordinated hacker attack. On June 30, cybercriminals managed to steal approximately $140 million from six Brazilian financial institutions by exploiting the credentials of an employee at C&M Software. The employee, João Nazareno Roque, was bribed and instructed to perform specific actions that facilitated the attack. Initially, Roque received $920 for his involvement, and later, following the attackers' recommendations, he ran commands inside C&M's infrastructure, earning an additional $1,850.

Roque attempted to conceal his activities by frequently changing cell phones, but he was eventually detained in São Paulo on July 3. The stolen funds, estimated to be around $30–40 million, were converted into crypto-assets such as BTC, ETH, and USDT through Latin American OTC and crypto exchanges, according to an investigation by on-chain detective ZachXBT.

In another cybersecurity incident, Russian professional basketball player Daniil Kasatkin was detained on June 21 at Charles de Gaulle Airport in France at the request of U.S. authorities. Kasatkin is accused of acting as a negotiator in a hacker network that used ransomware. The athlete remains in custody, and U.S. authorities are seeking his extradition to face charges. His lawyer has declared his innocence. The hacker group, whose name has not been disclosed, reportedly carried out more than 900 attacks on various organizations, including two federal agencies, between 2020 and 2022.

Meanwhile, a critical vulnerability in McDonald's AI bot, Olivia, led to the leak of an employee hiring database. Researchers Ian Carroll and Sam Curry discovered the flaw on June 9, gaining access to the admin panel of the platform's developer, Paradox.ai, using simple passwords like "123456." The database contained 64 million records, including job seekers' names, emails, and phone numbers. Since 2019, the platform had been accessible without two-factor authentication. Paradox.ai acknowledged the leak and promised to implement a bug bounty program to prevent similar incidents in the future. McDonald's stated that the vulnerability was fixed the day it was discovered.

In another data breach incident, Bitcoin Depot, an operator of a Bitcoin ATM network, notified customers of a personal data leak. Suspicious activity on the network was first discovered on June 23, 2023, and the company's internal investigation concluded in July 2024. The attackers obtained documents belonging to approximately 27,000 customers who had completed KYC procedures. The leaked data varied from person to person but could include full names, phone numbers, driver's license numbers, residential addresses, dates of birth, and email addresses. No financial compensation or identity theft protection was offered, as the risks are associated with cryptocurrency assets. Victims were advised to remain vigilant and monitor their bank statements.

These incidents highlight the growing threat of cybercrime and the need for enhanced security measures in both the financial and corporate sectors. The theft from Brazilian banks underscores the vulnerability of financial institutions to insider threats and the importance of robust internal controls. The detention of Kasatkin and the McDonald's data breach illustrate the far-reaching impact of cybercrime, affecting both individuals and organizations. The Bitcoin Depot data leak further emphasizes the risks associated with cryptocurrency transactions and the need for stringent data protection measures.