On this week’s episode of “What Could Possibly Go Wrong?”, an IT worker has been nabbed in connection with a $100 million cyber theft. The crazy part? He allegedly sold his login credentials to hackers for a mere $2,700.
Brazilian police have arrested an IT employee for facilitating a theft exceeding $100 million from the nation’s instant payment system, PIX. The incident, which saw funds siphoned from at least six financial institutions, reinforces the critical vulnerabilities introduced by human error.
João Roque, an employee at C&M Software, a company integral to the PIX system’s operations, was taken into custody after admitting to selling his login details to hackers for approximately $2,700 in cash. According to police, Roque met the perpetrators at a bar, who then provided him with instructions on how to create additional accounts and enable remote access within the system, effectively granting them a backdoor into the sensitive financial infrastructure.
Authorities revealed that over 540 million Brazilian reais (more than $98.3 million) was stolen from at least one financial institution, with investigations ongoing into potential further losses from other banks.
The Central Bank has taken immediate action, restricting access to parts of C&M Software’s system. At the same time, police continue their search for at least four other individuals believed to be involved in the sophisticated operation. Approximately $49 million connected to the theft has reportedly been frozen. Cryptocurrency investigator ZachXBT is reportedly tracking some of the stolen funds, noting conversions into Bitcoin, Ethereum, and USDT.
The breach serves as a stark warning about the dangers of insider threats and the ripple effect of compromised credentials. Even with advanced cybersecurity safeguards in place, the weakest link often remains the human element.
Beyond the immediate financial impact, the theft raises serious concerns about data privacy and security. The compromised system handles sensitive transactional data, and any unauthorized access poses a significant risk to the privacy of individuals and financial institutions alike.
 | PIVX: Your Rights. Your Privacy. Your Choice |
| PIVX.org | Discord | Telegram | X | Github |
| MEXC | Binance | Poloniex | XT.com | WhiteBIT | LBank | Coinstore | Biconomy | And more! |