Spelling Error Prevents Hackers Stealing $1bn from Bangladesh Bank in Cyber Heist
17 Mar 2016

It has been revealed that a spelling error prevented hackers from stealing around $1bn from Bangladesh Bank last month.

The hackers managed to infiltrate the bank’s security systems, using stolen credentials to pose as Bangladeshi officials. They then sent requests to transfer funds from Bangladesh Bank’s current account at the New York Federal Reserve, which holds over $1bn in funds for international settlements.

The hackers successfully stole $101m from the bank, transferring assets to bank accounts held in the Philippines and Sri Lanka.

Four transfer requests, totaling $81m, were accepted and successfully transferred to the accounts in the Philippines. However, routing bank, Deustche Bank, became suspicious of a request to send $20m to a Sri Lankan non-governmental organisation (NGO), Shalika Foundation, and contacted Bangladesh Bank for confirmation of the transfer.

Deustche Bank was alerted due to a typo in the name of the organisation, as the hackers misspelled “Foundation”, instead typing “Fandation”. It has since come to light that there is no Sri Lankan NGO registered under the name Shalika Foundation.

Bangladesh Bank has managed to recover the $20m, but a remaining $81m is yet to be recovered as the funds were sent to accounts in the Philippines and diverted to casinos. The Philippines Anti-Money Laundering Council has frozen these bank accounts.

It is believed that the hackers could have stolen up to $1bn, as transfers of $870m were subsequently stopped following the discovery of the typo.

Bangladesh’s Finance Minister, Abul Maal Abdul Muhith, has since spoken to the media, stating that the country would be prepared to sue the New York Federal Reserve to recover any money lost. The New York Federal Reserve responded to these comments through its official Twitter account, stating that an investigation showed that its systems had not been breached.

A spokeswoman from the New York Federal Reserve also stated that instructions to make the transfers from the Bangladesh Central Bank account had followed the correct protocols and were even authenticated by the SWIFT message system used by financial institutions.

The New York Federal Reserve, the Philippine Amusement and Gaming Corp and the Philippine Anti-Money Laundering Council are each launching investigations to aid Bangladesh Bank.

Count this content towards your CPD minutes, by signing up to our CPD Wallet


You must be logged in to post a comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.