Brazilian Hacker Faces Charges for Extorting $3.2M in Bitcoin Following Breach of 300,000 Accounts

A Brazilian national is officially charged in the United States with allegedly threatening to spread information stolen through a digital hack into a business system in March 2020.

Junior Barros De Oliveira, 29, of Curitiba, Brazil, faces eight separate charges: four related to coercive threats using information taken from protected electronic systems and four related to threatening communications, according to a newly unsealed indictment by the U.S. Department of Justice (DoJ).

The accused breached the computer infrastructure of the targeted organization, a Brazilian division of a New Jersey-based business. Then, on at least three different occasions, he used this illegal entry to obtain private client information from about 300,000 customers.

According to the allegations, De Oliveira then sent an email under a false identity to the company’s CEO in September 2020, demanding 300 bitcoin (an estimated $3.2 million at the time) in return for not selling the data.

A month later, the defendant forwarded the aforementioned communication to the CEO and a senior staff member working in the Brazilian branch.

In a follow-up email to an official of the company, De Oliveira expressed his “very interested” in helping them to fix this “security flaw,” but only in exchange for a 75 bitcoin (roughly $800,000 at the time) consulting fee. Additionally, the accused provided instructions on how to carry out the transfer to a Bitcoin digital wallet.

Each of the four charges of coercive threats carries a maximum sentence of five years in prison as well as a possible fine of $250,000 or twice the amount of any profit or harm made, whichever is higher.

In a similar vein, each of the four charges of menacing correspondence carries a maximum sentence of two years in prison as well as a possible fine of $250,000 or twice the amount of any profit or harm incurred, whichever is higher.