Hacker’s typo stopped a billion dollar bank heist from the Fed

A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Federal Reserve…

Unknown hackers still managed to get away with about $80 million, one of the largest known bank thefts in history.

The hackers breached Bangladesh Bank’s systems and stole its credentials for payment transfers, two senior officials at the bank said. They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank’s account there to entities in the Philippines and Sri Lanka…

Four requests to transfer a total of about $81 million to the Philippines went through, but a fifth, for $20 million, to a Sri Lankan non-profit organization was held up because the hackers misspelled the name of the NGO, Shalika Foundation.

Hackers misspelled “foundation” in the NGO’s name as “fandation“, prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction, one of the officials said…

At the same time, the unusually large number of payment instructions and the transfer requests to private entities – as opposed to other banks – raised suspicions at the Fed, which also alerted the Bangladeshis…

The details of how the hacking came to light and was stopped before it did more damage have not been previously reported. Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements.

The transactions that were stopped totaled $850-$870 million…

Never steal anything small still works, I guess.

Initial releases of info on the crime is over here. No mention of the typo. Discussion I watched on BloombergTV Asia said there are 2-step verification protocols in place for Fed transfers – and they were ignored in favor of order entry codes. Whatever is true, I ain’t impressed – if it takes a typo to stop a con like this one.

2 thoughts on “Hacker’s typo stopped a billion dollar bank heist from the Fed

  1. moss says:

    Protocols are meaningless if you allow a workaround.

    Someone should tell the FBI the Constitution doesn’t allow workarounds. Probably should tell Republicam members of SCOTUS while you’re at it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.