BRAZIL – Authorities in Brazil have arrested João Roque, a 48-year-old employee of C&M Software, in connection with the theft of over $100 million through the country’s instant payment system, PIX.
According to reports from TV Globo and the Associated Press, Roque was arrested after admitting that he sold his login credentials to hackers for a total of $2,700 in cash. Roque, a member of C&M Software’s IT team, reportedly met the hackers at a bar, where they instructed him to provide account access and create new system profiles to enable remote system infiltration.
Authorities believe hackers used Roque’s access to breach PIX — a platform directly connected to Brazil’s Central Bank and widely used by financial institutions. The breach resulted in the theft of more than 540 million reais (approx. $98.3 million) from at least one bank, though six financial institutions are reportedly affected.
The Central Bank has now suspended portions of C&M Software’s system access, while police continue their investigation and hunt for at least four suspected hackers. So far, 270 million reais (around $49 million) in connected assets have been frozen.
C&M Software, one of only eight companies authorized by Brazil’s Central Bank to link directly to financial institutions, issued a statement calling itself a “direct victim of criminal action” and confirmed its cooperation with authorities.
Cryptocurrency investigator Zachary Wolk (ZachXBT) stated via Telegram that between $30 million to $40 million of the stolen funds have already been converted into Bitcoin, Ethereum, and USDT, making recovery more complex.
The case highlights growing concerns around insider threats and the security of real-time financial networks like PIX.
