While the hackers still hauled in around $80 million, spelling “foundation” incorrectly as “fandation” alerted officials at Deutsche Bank (one of the routing banks involved in the transfer between Bangladesh Bank and The New York Fed) and a near $1billion haul fell short with somewhere between $850 million and $870 million in transfers halted.
Smart enough to steal a billion, not smart enough to spell “foundation”
Hackers got away with roughly $80 million having secured the banking credentials necessary to make large transfers from the Bangladesh Bank. They used those credentials to request money from the bank’s account at the New York Federal Reserve. While four transfers were made to Sri Lanka and the Philippines, a fifth was stopped by Deutsche Bank for misspelling the foundation that the transfer was meant to be receive.
At the same time that Deutsche Bank was looking into the transfer, the New York Fed’s interest was piqued by the nearly 40 transfer requests to private entities rather than another bank and the Fed contacted officials at Bangladesh Bank.
While some of the money has been recovered, the bank is still working with authorities in the Philippines to recover the rest.
“The transaction was too large for a country like us,” said a Pan Asia Banking Corp. where the Sri Lanka transfer ended up arriving. “Then [Deutsche] came back and said it was a suspect transaction.”
Online bank robberies a real threat
Without elaborating, Russian computer security company Kaspersky Lab suggested last year that about $1 billion has been pilfered from as many as 100 banks around the world from 2013-2015.
While the Bangladesh government doesn’t have much hope of finding those responsible, they do hope that they can recover their money in the coming months but also realize some may never be recovered.
The finance minister, Abul Maal Abdul Muhith, speaking with reporters earlier this week said that Bangladesh is considering a lawsuit against the New York Fed.
“The Fed must take responsibility,” he said.
But has the Fed’s system wasn’t breached but rather the Bangladesh Bank, a successful lawsuit looks unlikely to succeed.
This brazen attack just shows the increasing danger of the “online heist.”
