Bangladesh: Typo Triggers Alarm, Prevents Billion Dollar Bank Heist
Cybercriminals managed to steal around US$ 80 million from the accounts of Bangladesh’s central bank last month, but a spelling mistake prevented them from taking nearly US$ 1 billion, according to the Guardian.
The criminals hacked into Bangladesh Bank’s systems and stole credentials for payment transfers between Feb. 4 and Feb. 5. They then sent numerous requests to move money from the bank’s accounts at the Federal Reserve Bank of New York to entities in the Philippines and Sri Lanka, the Guardian said. Bangladesh Bank has billions of dollars in a Federal Reserve account for use in international transactions.
Four requests saw an estimated US$ 81 million transferred to the Philippines, but a US$ 20 million transfer to Shalika Foundation, purportedly a Sri Lankan NGO, was blocked after the criminals spelled “foundation” as “fandation”.
The error aroused suspicion with Deutsche Bank, through which the money was routed. Deutsche Bank asked Bangladesh Bank for clarification, which ultimately blocked further transactions worth an estimated US$ 850 million to US$ 870 million, Reuters said. Bankers in New York also alerted Bangladesh Bank to a high number of payment requests. Experts say the criminals most likely knew about the bank’s inner workings from spying on bank workers, the Guardian reports.
Some of the stolen money has been brought back, but Bangladeshi Finance Minister Abul Maal Abdul Muhith said that a case may be filed against the Federal Reserve to recover lost funds, the Dhaka Tribune writes.
The New York bank should be held responsible as they were the custodian of Bangladesh Bank’s money, Muhith said. He added that they had obtained evidence against the Federal Reserve, and the central bank had “no fault regarding the hacking,” according to the Dhaka Tribune.
The New York Federal Reserve said on Twitter that there was “no evidence of attempts to penetrate Federal Reserve systems.” They said they have been working with the central bank since the incident occurred, Reuters wrote.