The hack in question took place at the start of February and targeted Bangladesh’s central bank, which was breached in a manner that did not initially raise any suspicion. The hackers then used that official channel to contact the Federal Reserve Bank of New York, and began issuing transfer orders that sent millions overseas.
Requests successfully directed over $80 million to accounts in the Philippines and Sri Lanka, with further planned payments of over $850 million. However one $20 million payment request was flagged by the routing bank, Deutsche Bank, when it was noticed that the name of the recipient organization, Shalika Foundation, was spelled “fandation” (as per the Guardian).
Related: Department of Defense recruits white hats for ‘Hack the Pentagon’ program
With that request flagged, all others were halted as a routine security measure and it was soon discovered that these transactions were anything but approved by the Bangladeshi bank. Some of the sums were also noted for their surprising size, though individually that may not have been enough to manually vet the transfers.
The Bangladeshi bank holds billions of dollars with the Federal Reserve and could potentially have seen much of it disappear if this spelling mistake had not triggered a further inquiry.
Now, more than a month on from the hack, officials at the Bangladeshi bank say that they have been able to recover some of the funds, but that there are still many millions outstanding. Moreover, it’s still not entirely sure how the bank was hacked in the first place.
The bank sees it as extremely unlikely that those who perpetrated the hack will ever be caught, suggesting that this was a highly successful digital attack. Although the nationality of the thieves is unknown, they are thought to originate from outside of Bangladesh.
Suggestions from security analysts indicate that the hack would have required intimate knowledge of the Bangladeshi bank’s internal systems, so it’s possible someone on the inside was either involved, or that the bank’s information was otherwise compromised.
Editors' Recommendations
- What is Google Pay, and how do you use it?
- Hacked Call of Duty: Warzone players getting locked out of their own accounts
- PayPal vs. Google Pay vs. Venmo vs. Cash App vs. Apple Pay Cash
- How to unlock a phone on every carrier in 2020
- How to secure your Alexa device
