Bangladesh Bank, NY Fed Reserve Nearly See a Billion-Dollar Cyber Heist

Bangladesh’s central bank has admitted that its account at the U.S. Federal Reserve in New York was targeted in a hack which saw $100 million stolen in a cyber heist. It could have been a lot worse, however: transactions totaling another $870 million were blocked in a potential billion-dollar cyber heist.

It is among the largest bank cyber heists in history. The central bank of Bangladesh has revealed that its account in the Federal Reserve – an account used for international settlements – was the target of a cyber heist which saw 35 separate requests to withdraw money totaling $951 million.

The unknown hackers who breached the computer systems of the bank successfully transferred up to $100 million to casinos in the Philippines. As reported by Reuters, bank officials from Bangladesh have revealed that they are working with anti-money laundering authorities in the Philippines.

The $100 Million Heist

The funds were withdrawn in early February using Swift, an interbank messaging system. About $100 million was moved via five separate transfer requests, with four ending up in the Philippines while the other $20 million went into an account in Sri Lanka.

The requests were “fully authenticated,” the New York Fed revealed on Tuesday, noting that they came with the correct bank codes and from servers that appeared to belong to the Bangladesh central bank.

A New York Federal Reserve spokeswoman stated:

To date, there is no evidence of any attempt to penetrate the Federal Reserve systems in connection with the payments in question, and there is no evidence that any Fed systems were compromised.

A report from the Inquirer revealed that the $81 million stolen was initially wired to four foreign-currency accounts at the Rizal Commercial Banking Corp. (RCBC). The publication cited an RCBC memo detailing the bank’s initial findings during an investigation. These accounts were opened as early as May 2015 but hadn’t reported any activity until February this year, when the wire transfers came in from the New York Fed Reserve.

The central bank of Bangladesh holds nearly $30 billion in foreign currency reserves.

“Incompetent” Central Bank

Bangladesh’s Minister of Finance, Abul Maal Abdul Muhith, has lashed out against the central bank after revealing that the bank’s officials had not informed the government about the heist.

Speaking to reporters in Dhaka, Bangladesh, he stated:

Bangladesh Bank has the audacity not to inform me [about the heist]. I am very unhappy about it. The handling of the matter by Bangladesh Bank is very incompetent.

So far, the authorities have only managed to freeze about $68,000 of the nearly $100 million. The relatively small figure is something that Bangladesh is expected to recover straightaway.

A Hacker’s Typo Prevents a Billion Dollar Heist

Altogether, the hackers sent in 35 requests to move money from the Bangladesh Bank’s account. While four requests went through, the fifth, for $20 million toward a Sri Lankan non-profit organization, was held up. The reason? A spelling mistake which saw hackers misspell the name of the NGO, Shalika Foundation.

The hackers misspelled “foundation” as “fandation,” setting off a red flag with the routing bank, Deutsche Bank. The bank sought clarification from the Bangladesh central bank about the transfer, which predictably resulted in the transaction being canceled.

Officials revealed to Reuters that the blocked transactions totaled up to $870 million. If the entire operation had gone through without authorities being alerted, this would have been one of the very first instances of a single, comprehensive, one-off billion-dollar heist.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.