According to the investigations, the C&M Software employee himself gave the criminals access to his work computer.
Agents from the Department of Criminal Investigations (DEIC) of the Civil Police of São Paulo arrested João Nazareno Roque, an employee of the technology company C&M Software, on Thursday (3) in the City Jaraguá neighborhood, North Zone of the capital.
He is suspected of involvement in the million-dollar hacker attack that took place last Monday (30), which targeted the reserve accounts that at least eight institutions hold at the Central Bank. The attackers attempted to launder part of the stolen money using cryptocurrencies.
According to the investigations, Roque gave the criminals access to his work computer. G1 reports that he told the police he sold his password to hackers for R$ 5 thousand in May and then, for another R$ 10 thousand, took part in creating a system to allow the diversions.
He also reported that he only communicated with the criminals by cell phone and did not know them personally. Moreover, the suspect mentioned that he changed his phone every 15 days to avoid being tracked.
An account with a balance of R$ 270 million, used to move diverted amounts, has already been blocked. The Federal Police continues to investigate the participation of other individuals in the scheme, which may have caused a loss of up to R$ 1 billion to eight financial institutions connected to the Pix system through C&M.
According to Folha, the FS Group stated that this was the largest event of its kind recorded in Brazil. The publication also stated that the Federal Police did not participate in the operation but continues to investigate the facts in secrecy.
How the hacker attack happened
The Federal Police were called after the technology company C&M Software suffered a hacker attack that resulted in the diversion of more than R$ 1 billion from reserve accounts operated at the Central Bank. From one of the affected institutions alone, R$ 500 million was taken.
The criminals attempted to convert part of the amounts into cryptocurrencies such as USDT and Bitcoin, using OTC desks and exchanges. Thanks to the detection of atypical activities by companies like SmartPay, which blocked suspicious transactions and initiated refunds, part of the funds was recovered.
According to Rocelo Lopes, CEO of SmartPay, the hackers used a scheme with newly created and 'straw' accounts to spread the stolen amounts and make tracking difficult. C&M confirmed the attack but did not reveal the extent of the damage. At that time, the Central Bank blocked the company's access to financial infrastructures while the Federal Police investigated the case.