The Federal Reserve Bank of New York had initially blocked hackers’ transfer requests that purported to be from the Bangladesh Central Bank, hours before approving $81 million in one of the largest ever singular cyberheists.
It was a fateful February day which saw the New York Federal Reserve approve four fraudulent requests to wire a total of $81 million from an account belonging to the Bangladesh Central Bank.
Reuters has now been revealed that the New York Fed had initially rejected 35 requests to transfer the funds from several overseas accounts. The 35 requests for money transfers are speculated to total over a billion dollars.
The publication cites two individuals, an NY Fed official and a senior Bangladesh Bank official who revealed that the Fed had rejected the transfer requests, before eventually fulfilling the resubmitted requests.
The NY Fed Reserve denied the transfer requests initially due to poorly formatted requests which weren’t compatible with the SWIFT messaging system. SWIFT has been under the spotlight itself lately, despite repeatedly denying that none of its systems were compromised.
The initially rejected requests had lacked the names of the receiving banks, a fact which counts for a major red flag. The requests came through after hackers had compromised the SWIFT network through the systems in place at the Bangladesh central bank.
Amazingly, the cybercriminals behind the heist resubmitted the same 35 requests and this time – the messages had the proper formatting. Moreover, the same requests were even authenticated by SWIFT.
Still, the NY Fed rejected 30 of those requests for a second time, despite approving five – which totaled a cool $101 million. One of those requests were later reversed, due to a misspelling. That request was for a total of $20 million.
The 30 resubmitted requests were blocked after being flagged for a review of economic sanctions, even before they were seen as potentially fraudulent transactions at a later time.
The official at the Bangladesh Bank noted that the New York Fed ought to have rejected all the transfer requests on both occasions.
A source close to the Southeast Asian bank stated:
Of course, we asked the Fed why the repetition of the names did not create red flags.
“They are saying they rejected 35 badly submitted ones,” the source said. “But when the requests were re-submitted, they “paid 5 of them and stopped 30. Why? They can give no answer.”
Featured image from Shutterstock.