Bangladesh Bank hacked and lost $100 million

One of the largest bank heist in the history of Bangladesh where the central bank of Bangladesh lost $100 million after apparently obtaining payment-transfer codes by hackers and moved money to overseas. Also, the central bank of Bangladesh was able to stop the further amount of $870 million initiated by an attacker.

However, Bangladesh Finance Minister Abul Maal Abdul Muhith says his government holds the New York Fed responsible for any unrecovered losses. “The Federal Reserve is liable for all this. Those who handle this account, they made an error,” he said in a statement.”What we have gathered is that the Federal Reserve had sent a message to Bangladesh Bank, saying, ‘We have got an instruction of this nature from you, please confirm’ [and] Bangladesh Bank replied that it was false. But the transaction had taken place before Bangladesh Bank’s response reached them. So, the Federal Reserve in no way can deny its responsibility.”

 But, New York Fed has denied those statement saying there is “no evidence that any Fed systems were compromised.” Also, they added the transfers were correctly authorized which are according to standard authentication protocols.


Multiple security experts have suggested that the attackers may have convinced one of the insiders with whom they studied whole bank’s internal working structure and stole money.

How was money transferred?

Transfer of money from Central Bank of Bangladesh is done from SWIFT, a Belgium-based cooperative banking messaging platform that banks use to move money internationally. According to Bangladesh’s Bengali-language newspaper Prothom Alo in February 5, 30 SWIFT request was made using Bangladesh Bank’s SWIFT code among which only 5 was successful.

Next, Philippine Daily Inquirer reports that stolen $951 million was transferred to 5 different accounts to Philippines Bank, Rizal Commercial Banking Corporation via SWIFT. Bank release $81 million to their client whereas they were able to hold additional $951 million which was transferred to different account after they receive “MT103” SWIFT alert.

Before hacker deposit amount of $81 million to philippine bank it was first transferred to three U.S. banks in Feb. 5 Bank of New York, Citibank and Wells Fargo – before being moved via international wire transfers into five RCBC accounts that had been opened a few months previously, using fake identities. Next, those funds were then converted to Philippine pesos using the foreign exchange broker Philippine Remittances, a.k.a. Philrem, transferred back to the RCBC accounts, which used to buy gaming tokens at three casinos, then re-deposited as winnings. Government officials have said that the funds were then moved to a bank account controlled by an unnamed Chinese-Filipino businessman and ultimately moved overseas, including to one or more accounts in Hong Kong.

Meanwhile, $20 million stolen by attackers has been recovered, after hackers mistakenly misspelled the non-profit organization based on Sri Lanka – Shalika Foundation – to which they were trying to transfer the money. The hackers reportedly typed “fandation,” instead of foundation thus prompting one of the routing banks, Deutsche Bank, to flag the transaction for further review by Bangladesh Bank, ultimately resulting in the transfer being stopped.

From the Bangladesh Bank heist suggest, SWIFT is not immune to being used by criminals. For example, the gang behind the notorious Carbanak – a.k.a. Anunak – campaign worked in part by infecting bank systems with malware, then used SWIFT transfers to move money out of the hacked financial services firms, after studying how the firms crafted their related messages and emulating them, according to researchers at security firm Kaspersky Lab. Carbanak has been tied to $1 billion in losses.

So, it is better to test your network with cybersecurity firm and train staff within the organization to stop being hacked and involvement of any inner staff.

Manish Dangol

Leave a Reply

Your email address will not be published. Required fields are marked *