Brazilian banks lose $140m, Telegram outages in Russia and other cybersecurity news

A round-up of the week’s most important cybersecurity news.

Brazilian banks lose $140m after an insider hands over access

On July 7 it emerged that one of the year’s biggest cyberattacks on the banking sector had struck. Criminals stole about $140m from six Brazilian financial institutions using credentials belonging to an employee of C&M Software.

The incident occurred on June 30, when the attackers bribed Joao Nazareno Roque and obtained access to the system. According to police, he also provided instructions on specific actions that ensured the attack’s success.

He priced his part at $920. Later, following the attackers’ guidance, he executed commands inside C&M’s infrastructure. For this, he earned an additional $1,850, the outlet reports.

Roque tried to cover his tracks by changing mobile phones every 15 days. However, on July 3 he was detained in São Paulo.

Rough estimates suggest at least $30–40m of the haul was converted into cryptoassets. According to an on-chain investigation by ZachXBT, the attackers moved funds into BTC, ETH and USDT via Latin American over-the-counter desks and crypto exchanges.

Russia’s Faster Payments System and Telegram suffer outages

On July 10, the Faster Payments System (SBP) in Russia suffered an outage. Complaints began at 16:00 (MSK) from St Petersburg, Moscow, the Yamalo-Nenets Autonomous Okrug, Tver and Nizhny Novgorod regions, and elsewhere.

The Centre for Monitoring and Managing the Public Communications Network emphasised there were no DDoS attacks on the infrastructure of НСПК.

On social media, users complained about bank services and being unable to transfer funds or pay via SBP.

NSPK, the system’s developer and operator, linked the incident to a provider. Service was restored near midnight.

On June 7 a large-scale Telegram outage occurred. Russian users complained about unavailable notifications, problems sending messages and loading the app.

Basketball player suspected of cyber extortion 

On July 9 it became known that Russian professional basketball player Daniil Kasatkin had been detained. According to media reports, he was arrested on June 21 at Charles de Gaulle airport in France at the request of US authorities. He is accused of serving as a negotiator for a hacker network that used ransomware.

Kasatkin is currently in custody, and US representatives are seeking his extradition to face charges. His lawyer has asserted his innocence.

The gang’s name has not been disclosed. It is known only that between 2020 and 2022 the attackers carried out more than 900 attacks on various organisations, including two federal agencies.

A flaw in McDonald’s AI bot exposed its hiring database

According to Wired, on June 9 researchers Ian Carroll and Sam Curry discovered critical vulnerabilities in the McHire system. The platform recruits employees for McDonald’s using an AI bot named Olivia.

Using rudimentary passwords such as “123456”, the researchers gained access to the admin panel of the platform’s developer, Paradox.ai. It contained a database with 64m records, including applicants’ names, emails and phone numbers. Access had been open since 2019 without two-factor authentication.

When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We (@iangcarroll and I) discovered a vulnerability that could allow an attacker to access the over 64 million chat records using the password "123456".https://t.co/dBqpRpdp9T

— Sam Curry (@samwcyo) July 9, 2025

Paradox.ai acknowledged the leak and said the account was not used by third parties other than the researchers. The company promised to introduce a bug-bounty programme to prevent similar incidents in future. McDonald’s, for its part, said the flaw was fixed on the day it was discovered.

Carroll noted that he learned about this “horrifying level of security” only because he was intrigued by screening potential workers via an AI bot and a personality test.

“It seemed especially dystopian to me compared to the usual hiring process, right? That is exactly what prompted me to dig deeper. I started applying for a job, and within 30 minutes we had full access to almost all the applications ever submitted to McDonald’s in recent years,” he stressed in a comment to Wired.

Bitcoin Depot ATM operator failed to safeguard data of 27,000 customers

The operator of a network of bitcoin ATMs with more than 17,000 machines in the US, Canada and Australia, Bitcoin Depot notified customers of a personal-data breach.

Suspicious activity on the network was first detected on June 23, 2023, and the company’s internal investigation concluded in July 2024. US law-enforcement agencies asked that public disclosure be delayed until their own investigation was complete.

According to a letter to victims, documents relating to about 27,000 customers who completed KYC procedures fell into the attackers’ hands.

The type of leaked data varies by person but may include:

• full name;
• phone number;
• driver’s licence number;
• residential address;
• date of birth;
• email.

No financial compensation or identity-theft protection is offered, as the risks relate to cryptoassets. Instead, victims were advised to remain vigilant and monitor bank statements.

Also on ForkLog:

• A hacker returned $40m stolen from GMX.
• Researchers prevented the theft of $10m from DeFi protocols.
• A hacker hacked the GMX DEX for $42m.
• Data as an asset: a new factor of production with Chinese characteristics.
• Jack Dorsey unveiled an encrypted Bluetooth chat.
• An expert suggested the hacking of bitcoin wallets holding $8.6bn.

What to read this weekend?

We examine how a corruption scandal linked to bitcoin sales could reshape the Czech Republic’s political landscape.