Last month, some unknown hackers broke into Bangladesh's central bank, obtained credentials needed for payment transfers and then transfer large sums to fraudulent accounts based in the Philippines and Sri Lanka. But…
A single spelling mistake in an online bank transfer instruction prevented the full theft, according to Reuters.
Here's what actually was happened:
Nearly three dozen requests hit the Federal Reserve Bank of New York on 5 February using the Bangladesh Bank's SWIFT code, out of which four resulted in successful transfers, for a total value of about $81 million.
However, when the hackers attempted to make their fifth transfer of $20 Million to a Sri Lankan non-governmental organization called the Shalika Foundation, they made a typo by attempting a transfer to the Shalika "Fandation."
Staff at Deutsche Bank, which was involved in routing funds, spotted this spell error and got asked the Bangladeshis for clarification on the typo. The Bangladesh bank then canceled the remaining transfers.
The Federal Reserve Bank of New York also queried the Bangladesh central bank after spotting a large number of transfer of funds to private accounts at around the same time.
The hackers, who are still unknown, had been attempting to steal a further $850 Million from the Bangladesh government's reserve account, but a typo in the requests prevented the full theft.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
The $81 Million of transfer that was successfully made has not been recovered, but the typo saved the Bangladeshis because if all the fund transfers were made successfully thieves would have made off with $950 Million.
The attack happened between February 4th-5th and originated from outside the country. Moreover, the hackers are still unknown, and officials said there is not much hope of catching them.
Meanwhile, the Bangladesh central bank says the Federal Reserve should have stopped the transactions. The bank is planning to file a lawsuit against the Federal Reserve in order to recover some of the funds that were lost.