Brazilian police arrest IT worker over $100 million cyber theft

Police in Brazil have arrested an employee of a prominent software company after more than $100 million was stolen through an instant payment system called PIX.

Local news outlets and the Associated Press reported on Friday that João Roque, an employee of C&M Software, was nabbed by police and told them he sold his login credentials to hackers who had approached him earlier this year. 

Roque worked on the company’s information technology team and helped the hackers breach PIX — which links Brazil’s Central Bank to the country’s financial institutions. 

The outlet TV Globo reported that the 48-year-old Roque sold his account and password to the hackers for about $2,700 in two separate cash payments. He allegedly told investigators that he was approached at a bar by the hackers who asked for his account details. 

They later walked him through what he needed to do, which included creating separate accounts in the system and enabling remote access.  

Police told the Associated Press the hackers stole more than 540 million Brazilian reais (more than $98.3 million) from at least one financial institution but likely took more from other banks and lenders. TV Globo said at least six financial institutions were impacted. 

The Central Bank has shut off access to parts of C&M Software’s system and police are now searching for the hackers behind the incident, identifying at least four culprits. Another 270 million reais (about $49 million) connected to the incident has been frozen by authorities. 

C&M Software told local news outlets that they are cooperating with police. It is one of eight companies approved by the Central Bank to connect their system to financial institutions.

“The company is a direct victim of criminal action, which included the misuse of credentials to attempt to fraudulently access its systems and services,” the company told TV Globo in a statement last week.

On Telegram, prominent cryptocurrency investigator Zachary Wolk — who goes by the online alias ZachXBT — said he was tracking some of the stolen funds and saw about $30 million to $40 million converted into Bitcoin, Ethereum and USDT.