Hackers reportedly stole $100 million from the Central Bank of Brazil using security credentials purchased from an alleged insider.
According to a new AP report, the cyberattack targeted Brazil’s popular instant payment system, known as PIX, to steal the massive nine-figure sum.
-->Hackers were able to pull off the scheme by infiltrating the C&M system, the software company that facilitates connections between financial institutions and the central bank to enable PIX payment transactions.
Police say the hackers used security credentials they allegedly purchased from C&M employee João Roque, who they just arrested. Roque allegedly told investigators he was recruited by the hackers last year and sold them his credentials. The AP was unable to reach Roque’s attorneys for comment.
After gaining access to the C&M system, the hackers initiated fake PIX operations, making off with $100 million in a single night from financial institutions that are plugged into the C&M network.
Police say they are attempting to identify the hackers and that at least four other people participated in the crime. Authorities are also attempting to freeze the suspected stolen assets, and say they have blocked about half the stolen funds connected to the scheme.
In a statement published by local media, C&M says that it is cooperating with authorities and that the breach was likely due to unauthorized access to security credentials, not system flaws.
