A spelling mistake in an online bank transfer instruction helped prevent a nearly $1bn heist last month, involving the US Federal Reserve Bank of the Bangladesh Central Bank. But the hackers still managed to get away with about $80m, one of the largest known bank thefts in history.
The hackers breached Bangladesh Bank’s systems and stole its credentials for payment transfers. They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank’s account there to entities in the Philippines and Sri Lanka.
Four requests to transfer a total of about $81m to the Philippines went through, but a fifth, for $20m, to a Sri Lankan NGO failed because the hackers misspelled the name of the NGO, Shalika Foundation. They misspelled “foundation” in the NGO’s name as “fandation”
This prompted a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction. The transactions that were stopped totalled $850m to $870m.
Last year, Russian computer security company Kaspersky Lab said a multinational gang of cyber criminals had stolen as much as $1bn from as many as 100 financial institutions around the world in about two years. This underscores the growing threat of cybercrime.
It also shows how hackers can find weak links in even the most secure computer networks. More than a month after the attack, Bangladeshi officials are scrambling to trace the money. They said there is little hope of ever catching the hackers, and it could take months before the money is recovered, if at all…. bt dts if it hasn’t made it to 9ja…. Cc: @south_jay