A statement from Europol said the unnamed man was held in Alicante after an investigation carried out by the Spanish National Police with help from the FBI, authorities from Moldova, Romania, Belarussia and Taiwan, and a number of private security companies.
The gang was behind malware known as Carbanak and Cobalt and had caused banks in more than 40 countries to suffer losses of more than €1 billion.
The malware was capable of facilitating the theft of large sums, with Cobalt allowing thefts of up to €10 million at a time.
Europol said all the attacks used a similar modus operandi. "The criminals would send out to bank employees spear phishing emails with a malicious attachment impersonating legitimate companies.
"Once downloaded, the malicious software allowed the criminals to remotely control the victims’ infected machines, giving them access to the internal banking network and infecting the servers controlling the ATMs. This provided them with the knowledge they needed to cash out the money."
The money was then cashed out in one of the following ways:
- ATMs were instructed remotely to dispense cash at a pre-determined time, with the money being collected by organised crime groups supporting the main crime syndicate: when the payment was due, one of the gang members was waiting beside the machine to collect the money being "voluntarily" spat out by the ATM;
- The e-payment network was used to transfer money out of the organisation and into criminal accounts; and
- Databases with account information were modified so bank accounts balance would be inflated, with money mules then being used to collect the money.
The European Banking Federation co-operated with Europol in bringing about the arrest.
EBF chief executive Wim Mijs said: "This is the first time that the EBF has actively co-operated with Europol on a specific investigation.
"It clearly goes beyond raising awareness on cyber security and demonstrates the value of our partnership with the cyber crime specialists at Europol.
"Public-private co-operation is essential when it comes to effectively fighting digital cross border crimes like the one that we are seeing here with the Carbanak gang."
Steven Wilson, head of Europol’s European Cyber Crime Centre, said: "This global operation is a significant success for international police cooperation against a top level cyber criminal organisation.
"The arrest of the key figure in this crime group illustrates that cyber criminals can no longer hide behind perceived international anonymity."