Undisclosed financial institutions (ATM network)
July 30, 2025
•[ backdoor, financial theft, atm hacking ]
Infosecurity reports cybercriminals used Raspberry Pi devices to install a backdoor in ATM networks to steal funds.
C&M Software (service provider to Banco Central ecosystem)
July 2, 2025
•[ insider threat, compromised credentials, financial theft ]
Attackers allegedly bought an employee's credentials for ~$2,700 to access C&M systems and steal BRL 800M from connected institutions; part converted to crypto and laundered.
Infini (Infini Earn)
February 24, 2025
•[ insider threat, financial theft, cryptocurrency ]
A former developer or compromised admin key was used to withdraw $49.5 million from Infinis smart-contract vault on February 24 2025. The attacker converted USDC to ETH and moved the funds off-chain. Infini, a Hong Kong-based stablecoin bank, offered a 20% bounty for fund return and filed legal action against a former developer in Hong Kong.
