
The Bangladesh Bank Cyber Heist - One of The Largest Bank Robbery in The History - Business Inspection BD PDF

The document summarizes the Bangladesh Bank cyber heist of 2016, one of the largest bank robberies in history. Hackers were able to steal $81 million by exploiting vulnerabilities in the SWIFT system used by Bangladesh Bank to process international payments. They did this by gaining access to the bank's computer systems in 2015 using a malware-infected job application. In early 2016, they created fraudulent payment orders that were mostly caught by manual reviewers at the Federal Reserve Bank of New York due to mistakes in the requests. However, $81 million was still stolen and wired to accounts in the Philippines before authorities could intervene.

Uploaded by Kongor Ajang


The Bangladesh Bank Cyber Heist: One of The Largest Bank Robbery in the History
Business Inspection BD August 9, 2021


You may be used to seeing stories about robbing money from a vault in movies or TV series like The Bank Job, Money Heist, and The Vault. However, such incidents happen not only in TV series or movies but also in reality. You might even be surprised to know that if the “Bangladesh Bank Cyber Heist” had been executed successfully in 2016, it would have been the largest bank robbery in the world. In this heist, the hackers initially targeted $1 billion. In the end, they were able to get away with only $81 million, which is still undoubtedly the world’s largest bank heist in modern history. More interestingly, instead of first taking proper steps to recover the stolen money, Bangladesh Bank hired a US-based IT firm to erase all traces of the incident. Had such an incident taken place in New York, London, Singapore, or Dubai rather than in Bangladesh, Hollywood would have made a blockbuster movie about it.

According to a BBC report, the hackers’ initial plan was to steal $1 billion from Bangladesh Bank’s reserve. Their plan failed, and they managed to steal only $81 million, but in a developing country like Bangladesh, where one-third of the total population still lives on less than $2 a day, $81 million is a tremendously large amount. According to a report in Prothom Alo, the governor of Bangladesh Bank at the time wanted to cover up such a significant theft. On the other hand, according to a report in the Daily Star, a five-year investigation by the CID identified 40 people from six countries worldwide who actively participated in the theft. The matter came up in the world media when Bangladesh Bank filed a case in a court in the Philippines for the return of the stolen money. While the domestic media was unaware of this, the international press started featuring the theft of Bangladesh Bank reserves.

Like many other countries’ central banks, Bangladesh Bank has an account with the Federal Reserve Bank of New York in the USA. Usually, the country’s reserve money is kept in this account for additional security and for maintaining international transactions. The Federal Reserve Bank holds the reserves of Bangladesh in dollars and gold in its vaults. The method used for money transactions in this account is called SWIFT, a military-level secure system. Globally, this network handles on average 35 million financial transactions per day. To conduct all its transactions, Bangladesh Bank uses an 8 or 11 digit SWIFT code. SWIFT primarily transmits payment orders from one account to another rather than sending or receiving money itself. Unfortunately, despite such tight security, a group of hackers successfully breached the system in 2016.


[Figure: How the SWIFT System Works]

Although the incident occurred in 2016, the hackers had been planning and preparing for a very long time. A malicious e-mail started the whole story. In January 2015, an anonymous person named Russell Ahlam sent a job application via email to the authorities of Bangladesh Bank, with a CV and a cover letter attached. But it was not a regular job application: malware was linked to the file, which later helped the hackers enter the central bank’s computer system. During the investigation, it was found that three people fell for the trick and downloaded the attached file. After a while, the malware started installing itself on the computer system of the central bank of Bangladesh. Although the hackers had entered the computer system for the first time, they did nothing beyond gaining access to it.

The hacker team used bank accounts in the Philippines to transfer the money. It was logical for them to open accounts in the Philippines, because exploiting its privacy loophole makes it very easy to conduct illegal activities such as money laundering and terrorist funding. The hackers opened four fake accounts, which they used to move the looted money. To open the accounts, a casino owner in the Philippine capital, Manila, used his former friend Maya Digito, manager of the Jupiter Street branch of Rizal Commercial Banking Corporation, who unknowingly got involved in the world’s biggest bank robbery. According to Routes, they opened these four accounts with only $500, and the accounts were dormant for nine months.

The hacker team exploited the time difference between Bangladesh, New York, and the Philippines, along with the weekend gap, to create an excellent blueprint for the complete robbery; they took 5 days to execute the whole plan. Now let’s move to Bangladesh Bank in 2016. On the 10th floor of Bangladesh Bank, in a highly secured room, there is a printer that played a pivotal role in the heist. It is hooked to the SWIFT system and set to print real-time records of multi-billion dollar transactions. According to an Al Jazeera documentary, on February 4, 2016, the printer started showing a technical glitch in the last minutes of working hours. The bank director noticed that the printer tray was empty, which made him a little anxious. Bangladesh Bank staff noticed that some of the printer’s software files were missing or altered on the bank’s computer. The printer often had various technical glitches, so the bank director did not bother and shut down the printer. But this technical glitch was the first sign that Bangladesh Bank’s billion dollars were in danger. The hackers had intentionally deleted all confirmation messages from the SWIFT database, crashing the entire program on the automatic printer. Bangladesh Bank was also closed the next day, as Friday is a weekly holiday. Moreover, while the weekly holiday in Bangladesh is Friday and Saturday, the weekly holiday in the USA is Saturday and Sunday. As a result, Bangladesh Bank authorities got to know about the hacking of their banking system after three days.

While Bangladesh was asleep, it was still morning in New York, and at that time the hackers tried to carry out this notorious cyber heist. They entered the SWIFT system and created 35 payment requests with a total amount of about $1 billion. Fortunately, 30 payment orders went to manual review by the Federal Bank’s automatic system in New York.

[Figure: 35 payment requests were created with a total amount of about $1 billion]


The authorities noticed that the payment orders were huge and, most crucially, that they were made not by any organization but by personal accounts. The large amounts raised several red flags, so the authorities tried to contact Bangladesh Bank, but they did not get any response because it was the weekend in Bangladesh. For that reason, the Federal Bank decided to hold transactions worth $870 million. The hackers made a few silly mistakes in the plan, but luck also played a significant role in this bank robbery. Using the system, the hackers had made a payment order from a bank account of the Jupiter Street branch in the Philippines, which by luck matched the name of an oil tanker, Jupiter, that had previously violated US sanctions against Iran. The tanker had nothing to do with the bank robbery, but the administration of the Federal Bank stopped transactions worth millions of dollars because of the similar name. Bangladesh Bank survived a major disaster due to this coincidence. However, the hackers still managed to steal a large amount of money.

Meanwhile, they wired $20 million from the Philippines bank account to Sri Lanka’s Pan Asia Bank in the name of the Shalika Foundation. Pan Asia Bank’s authorities were shocked to learn that Bangladesh Bank had authorized $20 million for a small NGO. That seemed suspicious to them, and they referred it to Deutsche Bank, a German-based routing bank. Deutsche Bank found a silly spelling mistake, blocked the transaction, and sent a notice to Bangladesh Bank seeking clarification. The hackers had misspelled Shalika Foundation. It was later found that this account was also fake. Bangladesh Bank was later able to recover the entire $20 million sent to Sri Lanka.

On Sunday morning, when the employees returned to the office, they rebooted the machine within the first official hour. When urgent messages and massive payment records came out of the printer, panic ensued inside the bank. After what had happened, the Bangladesh Bank authorities tried to communicate on an urgent basis to stop the transactions. However, Bangladesh Bank did not receive any response from the Federal Reserve Bank of New York, as it was a weekly holiday in the USA. That was part of the hackers’ initial plan, which added a few extra hours to wire the money from the Bangladesh Bank account to the Philippine bank accounts.

Let’s get back to Manila, Philippines, 3516 km away from Bangladesh. On Monday, 8th February, the hacker group deposited $81 million into the 4 RCBC bank accounts opened in 2015. It was the Lunar New Year, a huge national holiday for the Chinese. Bangladesh Bank tried to send messages to block the transaction, but the Philippines was in a festive mood, and that was not possible because of the national holiday.


The hackers were entirely professional con artists; they were aware of the difficulties of communication among Bangladesh, the Philippines, and the USA. They also had in-depth knowledge of the Philippines’ money laundering act: they knew that it does not cover casinos, so they strategically used that loophole. After that, the Federal Reserve Bank transferred $81 million from Bangladesh Bank’s account to Kim Wang’s 4 accounts. Later, they split all the money to a remittance company called Phill Ram. Then, according to an Al Jazeera report, they converted the money into hard cash within ten days by sending it to a Philippines casino called Solair in Manali.

When the Bangladesh Bank authorities took the initiative to bring back the looted money from the Philippines, it was not an easy task at all. Due to the bank secrecy act of the Philippines, they were not able to trace the cash flow. They did not even get Kim Wang’s and Phill Ram’s bank statements. According to Senate inquiries, Switzerland, Lebanon, and the Philippines maintain the world’s strictest banking secrecy. If the proper documents had been provided to the investigators, Bangladesh would not have had to lose $81 million.

Al Jazeera’s documentary shows that the Philippine Senate officially announced that it had been able to recover $15 million. The anti-money laundering council of the Philippines confirmed that Phill Ram still holds $17 million, but the company denies all the allegations. And $50 million landed directly on the desks of casino and gambling junkets. Bangladesh has never been able to get the remaining money. The Bangladesh authorities made a proper plan to catch the true culprits who made the fake accounts at RCBC bank to wire the stolen money. But before getting caught, they made their way to Macau.

According to the BBC podcast, the FBI team in Los Angeles found that the embedded computer code was in the Korean language and that the IP address matched North Korean IP addresses. The FBI investigation came up with an interesting fact: the hacker group called Lazarus hacked Sony Pictures in 2014 using the same email address and social media profiles. The group is patronized by the North Korean government. A man named Park Jin Yhok leads this hacker group. But North Korea denies all the allegations and blames the United States for defamation. It was not the first time North Korea had committed such a heinous crime; they have done it before. In 2016, North Korea tried to steal millions of dollars from Taiwan’s Far Eastern International Bank using the SWIFT payment system. In the same year, the group took control of the computer systems of a Russian bank.

According to a BBC report, in 2018, Park was charged with one count of conspiracy to commit computer fraud and one count of conspiracy to commit wire fraud. As a result, a sentence of 20 years of imprisonment was given to him. He is one of the few talents North Korea has cultivated since childhood to become a cyber warrior.

[Figure: 20 years of imprisonment sentence]

After this incident, the Bangladesh Bank governor had to resign from his position, as he did not inform the finance minister about the gigantic cyber heist. Bangladesh Bank hired a private IT firm to erase all traces of the massive theft. The governor at that time and high-ranking officials knew what was happening inside the bank but were silent during the whole investigation. When the CID inquiry team took the matter into their hands, they found the former governor and senior officials equally responsible for removing theft data.

The cyber heist of Bangladesh Bank was a warning to the whole world. In the future, robbers won’t need to break into a bank’s vault to steal money. To prevent such crimes, banks need to keep up with advanced technology and security systems.
