JARAGUA, BRAZIL – Brazilian police have arrested João Roque, 48, an IT employee at C&M, a company that links smaller banks to Brazil’s instant payment system, PIX. He is accused of helping a cyberattack that stole over $100 million USD (₹850 crores) and of receiving about $2,850 USD (₹2.43 lakh) for giving his access password and entering commands into the C&M system. He also allegedly sold system access for about $1,900 USD (₹1.63 lakh). Roque claims he only spoke to the criminals by phone and changed devices every 15 days to avoid being tracked.
The Scope of the Cyberattack
The cyberattack hit at least six financial institutions, shaking the market. Hackers managed to breach C&M’s system and executed fake PIX transactions in a single night, specifically targeting only financial institutions. PIX, launched by the Central Bank of Brazil in November 2020, is Brazil’s instant payment system, allowing users to send and receive money 24/7 in real time using various identifiers such as a phone number, email address, Brazilian tax ID (CPF/CNPJ), or a random key. The scale of the fraud, totaling $100 million (₹850 crores), indicates a highly organized operation.
Ongoing Investigation and Repercussions
Police are actively searching for four more suspects involved in the cyberattack and have frozen about $51 million USD (₹436 crores) as part of the ongoing investigation. Brazil’s Central Bank has taken a significant step by suspending part of C&M’s operations in response to the breach. This action underscores the seriousness of the incident and the regulatory body’s commitment to protecting the financial system.
Company’s Response and Future Outlook
C&M has stated that it is fully cooperating with authorities and has taken prompt technical and legal actions. The company believes the breach likely stemmed from social engineering rather than flaws in its systems. A statement shared by C&M reads, “So far, the evidence suggests that the incident was the result of the use of social engineering techniques to improperly share access credentials, and not of failures in CMSW’s systems or technology.” C&M also confirmed that it was not the origin of the incident and remains fully operational, with all its products and services functioning normally. Although Roque worked in IT, his LinkedIn profile shows he has 20 years of experience as an electrician and four years as a cable TV technician, highlighting how individuals can be lured into such schemes.