$2,800 bribe led to $148m hack of Brazilian finance firms; $40m laundered via crypto
Quick Take
- A 48-year-old IT operator was bribed around $2,770 to allow hackers to gain entry to the central nank reserve accounts of at least six Brazilian financial institutions, resulting in a theft estimated at $148 million.
- Authorities said around $50 million has been frozen in one destination account, while the CEO of financial institution BMP said $29.5 million was recovered.
- Blockchain sleuth ZachXBT said around $30-40 million was converted to crypto via over-the-counter exchanges by the attackers.
Hackers stole up to $148 million from the central bank reserve accounts of at least six Brazilian financial institutions after paying an IT worker just $2,770 in bribes to gain access to the system, according to Brazilian authorities and local media reports.
The 48-year-old IT worker, João Nazareno Roque, worked for the software company C&M, which was contracted as a banking intermediary to handle payment infrastructure between smaller institutions and the central bank. Roque told police he was approached by a man who knew of his work at C&M outside a bar, and eventually agreed to provide the man access to C&M's internal systems for a total of R$15,000 Brazilian real, or around $2,770 USD, according to local media site g1 Globo.
The hackers then used their privileged access to divert around R$800 million, or $147.7 million, from client institutions' accounts at the central bank to accounts controlled by the hackers, early in the morning on June 30. The fraudulent transfers were halted around two and a half hours later, when BMP, one of C&M's clients, was alerted to the suspicious transfers.
The hackers have converted around $30-40 million worth of stolen funds into BTC, ETH, and USDT using over-the-counter exchanges, which are sometimes used by threat actors to launder illicit funds, according to an estimate from blockchain sleuth ZachXBT.
A Brazilian court has frozen some destination accounts allegedly used by the attackers, with around $50 million worth of stolen funds. BMP, which suffered a loss of around $73.8 million, has recovered around $29.5 million worth of the funds, the firm's CEO, Carlos Benitez, told NeoFeed.
Roque was arrested on July 3, about 48 hours after the attack, and is currently being held pending further investigation. A source told Reuters that no clients suffered losses as a result of the hack, because the losses were confined to banks’ reserve balances held at the central bank.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
