Brazilian authorities have uncovered a sophisticated cyberattack that resulted in the theft of up to $148 million from the central bank reserve accounts of at least six financial institutions. The hackers gained access to the system by paying an IT worker just $2,770 in bribes.
The 48-year-old IT worker, João Nazareno Roque, worked for software company C&M, which handled payment infrastructure between smaller banks and the central bank. A man approached Roque outside a bar, offering him the bribe to gain access to his internal systems. Roque agreed and received the $2,770.
The hackers then diverted around $147.7 million from client institutions’ accounts at the central bank to their own accounts. However, the fraudulent transfers were halted after two clients alerted authorities to suspicious activity.
An estimate suggests that around $30-40 million worth of stolen funds have been converted into cryptocurrencies like Bitcoin and Ethereum using over-the-counter exchanges. A Brazilian court has frozen some destination accounts, while the affected banks have recovered around $29.5 million of the lost funds.
The IT worker, Roque, was arrested on July 3 and is currently being held pending further investigation. Despite the attack, no clients suffered losses due to the fact that the losses were confined to banks’ reserve balances held at the central bank.
Source: https://www.theblock.co/post/361172/2800-bribe-led-to-148m-hack-of-brazilian-finance-firms-40m-laundered-via-crypto