An online bank robbery swindled 30 million reais ($ 5 million) from a steelmaker Gerdau account at Santander Bank last month. The money was sent to buy Bitcoin in the Brazilian market, but was stopped by local crypto exchanges.
According to the police report filed on April 20 and communicated to Portal do Bitcoin, the Spanish bank asked the prosecution to open an investigation into the aggravated thefts in Porto Alegre.
The document shows that on April 16, Gerdau informed Santander of the problem. According to an internal investigation, financial irregularities were found, then blamed on an attack on the steel manufacturer’s Internet bank account. Then, 11 electronic funds transfers were made to different locations.
Breakage blocks investigators
The amounts were transferred to the bank accounts of four companies located in São Paulo, Rio Grande do Sul and Rondônia. Santander watched the movement of money, which ended up arriving at Brazilian OTC trading offices.
However, it was not a simple hack.
Transfers were not made from a connection to a Gerdau account. The debit was made by another company, Mundial Illumination, also an account holder, located in the metropolitan region of Porto Alegre.
Thanks to Mundial’s Internet banking system, fraudsters were able to program and carry out transactions on electronic trading funds (ETFs). At the end of the operation, the coding of the internal channels of the system was manipulated to help move the money. Only the money did not come from the account of the connected company – Mundial – but rather from Gerdau.
“It is as if a corporate bank account has invaded another corporate bank account for the order to debit the bank,” said the investigation sent to the prosecutor.
According to the internal investigation, all transactions were made from the same IP address. The fraud had been planned for the previous week. Six days before the fraud, Santander blocked a Mundial Illumination transaction because it exceeded the typical transaction limit, a common security procedure.
A bank manager contacted the bank and requested that the transaction limit be lifted. This meant that high value transactions could now be made.
Exchange stolen money for Bitcoin
Although not included in Santander’s internal investigation, the stolen money was apparently used to try to buy Bitcoin via over-the-counter traders (who buy and sell large amounts of Bitcoin) on the Brazilian market.
In conversation with eight people involved in the case, the Portal do Bitcoin found that the hackers attempted to buy 30 million reais ($ 5 million) in cryptocurrencies, which sparked a storm of bank account freezes wherever the money went.
Any exchange that received a fraction of the money stolen from Santander quickly froze the funds.
It was not possible to confirm the amount of Bitcoin given to the fraudsters, because the amounts differ according to the people consulted – from 3.5 million reais ($ 600,000) to 15 million reais ($ 2.5 million) ).
“As it was a very high amount, 5 million reais [$900,000], we requested a bank statement from the original account. When we realized that the money we received had entered the original account the same day, we blocked the transaction. Immediately, the client started pressuring me to send Bitcoin, but I didn’t do it. Shortly after, the bank blocked my account, ”said the owner of an OTC trading office, who asked not to be identified.
Some of the funds may have been sent through other peer-to-peer exchanges.
Asked about the case by Portal do Bitcoin, Santander and Gerdau declined to comment on the matter.
[Thisstorywasoriginallypublishedon[Thisstorywasoriginallypublishedon[Cettehistoireaétéinitialementpubliéesur[ThisstorywasoriginallypublishedonPortaldoBitcoin.comand is shared by agreement with this site. It has been modified to conform to Decrypt’s style.]