Investigators Uncover ‘Trojan Horse’ Device in Foiled Million-Euro Cyber Heist at Banca Sella Branch in Sanremo
SANREM O, Italy — Italian authorities have discovered a sophisticated electronic “Trojan horse” device hidden inside a Banca Sella branch in Sanremo, marking a breakthrough in the investigation of a foiled cyber fraud attempt that could have siphoned millions of euros from customer accounts. The high-tech intrusion, uncovered on August 26, 2025, by investigators from the Genoa District Anti-Mafia Directorate (DDA), highlights the growing threats of cybercrime in the financial sector and the vigilance of bank security systems that thwarted the scheme at the last moment.
The device, described as an unauthorized piece of electronic equipment unrelated to the bank’s standard infrastructure, was found within the Sanremo branch on Via Escoffier. It is believed to have served as the entry point for hackers who infiltrated the bank’s computers, enabling them to authorize fraudulent wire transfers totaling approximately €6 million from six customer accounts. According to reports from La Stampa, the apparatus allowed the cybercriminals to bypass internal controls and execute illicit operations, but the bank’s automated security protocols detected the anomalies and blocked the transactions before any funds could be withdrawn, leaving the perpetrators empty-handed.
“Investigators specializing in computer fraud focused on this ‘intruder’ as a key piece of evidence that could help unmask the commando,” the report stated, emphasizing the device’s role in the attempted “millionaire blow” or heist. The discovery follows initial signs of tampering spotted by branch employees earlier in the week, including traces of silicone at the building’s entrance, which prompted immediate internal audits by Banca Sella’s security team.
The Attempted Cyber Intrusion: A High-Stakes Digital Break-In
The plot unfolded in recent days, with the cyber gang—referred to in Italian media as the “Wi-Fi band” for their alleged use of wireless hacking methods—gaining unauthorized access to the branch’s systems. Sources indicate the attackers employed advanced techniques to “effract” or breach a computer, likely using stolen access codes or a system capable of circumventing safeguards. This allowed them to initiate multiple unauthorized transfers targeting five to six clients, but the bank’s fraud detection mechanisms intervened swiftly, reversing the operations and preventing any financial loss.
Banca Sella, a prominent Italian banking group headquartered in Biella with a focus on digital innovation, confirmed the incident in a statement, praising its internal security apparatus for “unmasking the attempted fraud at the Sanremo branch.” The bank has been collaborating closely with authorities, providing digital traces and non-digital evidence that is tightening the noose around the suspects. While details on the exact technology remain under strict confidentiality to avoid compromising the probe, experts suggest the Trojan horse could be a hardware keylogger, USB implant, or network interceptor designed to capture credentials and relay data to remote operators.
This incident echoes past cyber threats against Italian banks, including phishing scams and malware campaigns targeting Banca Sella customers as far back as 2022. However, the physical implantation of a device inside the branch elevates the sophistication, pointing to an inside job or physical access by the perpetrators. No arrests have been announced yet, but the investigation is progressing rapidly, with digital forensics expected to yield IP addresses, timestamps, and other leads.
| Key Details of the Foiled Heist | Description |
|---|---|
| Location | Banca Sella branch, Via Escoffier, Sanremo, Italy |
| Date of Discovery | August 26, 2025 |
| Intended Theft Amount | Approximately €6 million from six customer accounts |
| Method | Electronic “Trojan horse” device for unauthorized access and fraudulent wire transfers |
| Outcome | Transactions blocked by bank security; no funds lost |
| Investigating Body | Genoa DDA, in collaboration with Banca Sella’s security team |
| Suspects | Unidentified cyber gang; probe ongoing for arrests |
Implications for U.S. Investors and the Global Financial Sector
For American stakeholders with ties to European banking—through investments, partnerships, or multinational operations—this case serves as a stark reminder of the vulnerabilities in cross-border financial systems. Banca Sella, which manages over €66 billion in assets and has piloted innovative services like stablecoin custody with firms such as Fireblocks earlier this year, exemplifies how even tech-forward institutions can be targeted. U.S. regulators, including the FDIC and SEC, have ramped up warnings about similar “man-in-the-browser” attacks and hardware-based intrusions, which have surged 20% globally in 2025 amid rising geopolitical tensions.
The foiled plot underscores the importance of multi-layered defenses, such as AI-driven anomaly detection and regular physical security audits, which Banca Sella credits for the save. Industry analysts predict this incident could prompt heightened scrutiny from the European Central Bank and Italian authorities, potentially leading to stricter compliance for branches in tourist-heavy areas like Sanremo, a coastal hub in Liguria popular with international visitors.
As the investigation continues, authorities are appealing for public tips, and Banca Sella has assured customers that their funds remain secure. This “Trojan horse” discovery not only averts a major blow but also provides crucial intelligence to combat evolving cyber threats, benefiting financial institutions worldwide. For U.S. firms operating in Italy or dealing with similar risks, it’s a call to reinforce cybersecurity protocols against both digital and physical incursions.