Dhaka: Bangladesh's central bank has confirmed that its account at the US Federal Reserve Bank was hacked and over $100 million stolen from foreign reserve. A Bangladesh Bank spokesman confirmed the theft on Thursday amid media uproar after sources in the central bank hinted that unknown hackers had stolen $101 million of which $81 million entered the Philippines and the rest went to Sri Lanka to be used in casino business.
"They ordered transfers out of a Federal Reserve Bank of New York account held by Bangladesh Bank," said central bank spokesman Subhankar Saha.
He said hackers had breached the security system of the bank in early February and stole credentials for payment transfers, in one of the biggest bank thefts in history. The hackers had sent 35 advices to the US Federal Bank but only five of those were complied with until the theft was unearthed, he added.
Bangladesh Bank officials said while $81 million of the stolen amount entered the Philippine banking system on February 5 and several layers of subsequent transactions made their way out into Hong Kong, the rest $20 million ended up in Sri Lanka.
They said the thieves thereafter took an attempt to launder a further $870 million through the same channel, but their plan was foiled after an American bank recalled the transfer order.
"The American bank contacted us when they got their anti-money laundering alert to confirm if the pay order actually came from us. We straightaway replied in the negative and so the payment was stopped," Saha said.
Cyber security experts said the perpetrators of heist had deep knowledge of the institution's internal workings which they might have gained by spying on bank workers. The bank said they launched a massive investigation into the theft and expected the amount to be returned while unconfirmed reports said the central bank sent its two officials to the Philippines to demand the return of the funds.
The US Federal Bank responded to the hacking, saying there was no evidence that its systems were compromised in the cyber attack, according to international media reports. The bank said they followed normal procedures when responding to requests that appeared to be from Bangladesh Bank, which were made and authenticated over Society for Worldwide Interbank Financial Telecommunication (SWIFT).
A Chinese-Filipino businessman was the mastermind of the theft who had moved the funds to three casinos, where they were converted into chips for betting at the gaming tables, according to the Philippine Daily Inquirer.
The chips were then converted back into cash and remitted to accounts in Hong Kong soon after by him.