How did $81 million go missing from the Bangladesh Bank's account at the New York Federal Reserve?
This cyber-heist took place back in February (although it was not widely reported until March), and here we are in July and there are still many unanswered questions.
In short, a group of computer hackers infiltrated the system of the Bangladesh Bank, the country's central bank. The inexpensive and somewhat outdated technology used by the bank is thought to have made it particularly vulnerable. The event has also raised concerns about the SWIFT system used for interbank communications.
After gaining access to the system and running a few preliminary tests, the hackers began placing requests for funds to be transferred from the bank's account with the New York Federal Reserve. The criminals requested $951 million—almost $1 billion—through 35 requests in a single day. Very cleverly, the cyber-criminals also disabled Bangladesh Bank's printers so that it didn't receive the potential fraud alerts from the NY Fed until four days after the heist had taken place.
However, the New York branch of the Fed has come under criticism for not having the proper mechanisms in place to catch these questionable requests earlier. There were several red flags: 35 transfers was extremely unusual, as the Bangladesh central bank usually only requested two per day; plus, the requests directed the money to the bank accounts of individuals, not technically illegal but a highly discouraged practice. In fact, the only reason the Fed started to question the requests was because one contained the word "Jupiter," which was flagged for a potential association with an Iranian shipping company under sanctions.
In total, five of the 35 requests were fulfilled automatically, sending $101 million to a handful of different bank accounts in the Philippines. It was later determined that these accounts were opened in 2015 using false documents. One transfer of $20 million to Sri Lanka was recovered, but the other $81 million got away scot-free.
Suspect Denies Involvement
By the time authorities in the Philippines were alerted of what had happened, a relatively meager $68,305 remained; the other millions had been withdrawn. Moreover, the paper trail led to a virtual black hole in the country's casinos, which (somewhat unbelievably) aren't subject to anti-money laundering laws—making them the perfect cover for washing the money. The country also has strict banking secrecy laws.
A pair of Chinese nationals living in the Philippines are suspected to have connections to the crime, especially since $21 million of the stolen money ended up in the account of a company owned by Kim Wong, an associate of the men who was owed about 450 million pesos ($9.45 million) in gambling debt by the pair. He did offer to return almost $5 million that remained in his possession.
The Bangladesh Bank blames the NY Fed for having no useful fail-safe in place; the Fed blames Bangladesh for having vulnerable technology. Many are suspicious than someone on the inside must have aided the hackers. Senate hearings are still ongoing in the Philippines over the matter.
The opinions and forecasts herein are provided solely for informational purposes, and should not be used or construed as an offer, solicitation, or recommendation to buy or sell any product.