$2,800.00 bribe led to $148 million hack of Brazilian finance firms; $40 million laundered via crypto

Hackers stole up to $148 million from the central bank reserve accounts of at least six Brazilian financial institutions after paying an IT worker just $2,770 in bribes to gain access to the system, according to Brazilian authorities and local media reports.

The 48-year-old IT worker, João Nazareno Roque, worked for the software company C&M, which was contracted as a banking intermediary to handle payment infrastructure between smaller institutions and the central bank. Roque told police he was approached by a man who knew of his work at C&M outside a bar, and eventually agreed to provide the man access to C&M's internal systems for a total of R$15,000 Brazilian real, or around $2,770 USD, according to local media site g1 Globo.

The hackers then used their privileged access to divert around R$800 million, or $147.7 million, from client institutions' accounts at the central bank to accounts controlled by the hackers, early in the morning on June 30. The fraudulent transfers were halted around two and a half hours later, when BMP, one of C&M's clients, was alerted to the suspicious transfers.

The hackers have converted around $30-40 million worth of stolen funds into BTC, ETH, and USDT using over-the-counter exchanges, which are sometimes used by threat actors to launder illicit funds, according to an estimate from blockchain sleuth ZachXBT.

A Brazilian court has frozen some destination accounts allegedly used by the attackers, with around $50 million worth of stolen funds. BMP, which suffered a loss of around $73.8 million, has recovered around $29.5 million worth of the funds, the firm's CEO, Carlos Benitez, told NeoFeed.

Roque was arrested on July 3, about 48 hours after the attack, and is currently being held pending further investigation. A source told Reuters that no clients suffered losses as a result of the hack, because the losses were confined to banks’ reserve balances held at the central bank.