$2,800 bribe led to $148m hack of Brazilian finance firms; $40m laundered via crypto

Hackers stole up to $148 million from the central bank reserve accounts of at least six Brazilian financial institutions after paying an IT worker just $2,770 in bribes to gain access to the system, according to Brazilian authorities and local media reports. 

The 48-year-old IT worker, João Nazareno Roque, worked for the software company C&M, which was contracted as a banking intermediary to handle payment infrastructure between smaller institutions and the central bank. Roque told police he was approached by a man who knew of his work at C&M outside a bar, and eventually agreed to provide the man access to C&M's internal systems for a total of R$15,000 Brazilian real, or around $2,770 USD, according to local media site g1 Globo. 

The hackers then used their privileged access to divert around R$800 million, or $147.7 million, from client institutions' accounts at the central bank to accounts controlled by the hackers, early in the morning on June 30. The fraudulent transfers were halted around two and a half hours later, when BMP, one of C&M's clients, was alerted to the suspicious transfers. 

The hackers have converted around $30-40 million worth of stolen funds into BTC, ETH, and USDT using over-the-counter exchanges, which are sometimes used by threat actors to launder illicit funds, according to an estimate from blockchain sleuth ZachXBT. 

A Brazilian court has frozen some destination accounts allegedly used by the attackers, with around $50 million worth of stolen funds. BMP, which suffered a loss of around $73.8 million, has recovered around $29.5 million worth of the funds, the firm's CEO, Carlos Benitez, told NeoFeed . 

Roque was arrested on July 3, about 48 hours after the attack, and is currently being held pending further investigation. A source told Reuters that no clients suffered losses as a result of the hack, because the losses were confined to banks’ reserve balances held at the central bank.