The central bank of Bangladesh has accused the Federal Reserve Bank of New York of a “major lapse” in security that made it possible for hackers to steal $81 million, according to documents obtained by Bloomberg News. It’s the latest development in a sophisticated cyberattack in which unknown perpetrators attempted to steal $1 billion, only to get away with $101 million because of a spelling error. Some $20 million of that amount was eventually recovered.
“We view this as a major lapse on the part of the FRB NY,” states one document prepared by the Bangladesh central bank dated March 13. Bloomberg first published excerpts from the document Tuesday, confirming that Bangladesh is working with lawyers in New York “to establish precise grounds of initiating lawsuits claiming recompense.”
Last month hackers got away with one of the biggest heists in history in a scheme involving the Bangladesh central bank and the Federal Reserve Bank of New York. They stole legitimate login credentials from Bangladeshi officials and, in a barrage of transfer requests, convinced the New York Fed to transfer money from the Bangladesh account in New York to another account, known as “the Shalika Foundation,” in Sri Lanka. The hackers would have made away with nearly $1 billion had they not spelled “foundation” as “fandation,” triggering warnings from the New York Fed.
Documents published Tuesday also show that the banks added additional security features after the money was stolen. At least $81 million was transferred to the Philippines, where it promptly disappeared, and another $20 million meant for a Sri Lankan account was returned when officials there detected the fraud.
The Philippines also filed a money laundering complaint with the U.S. Department of Justice Tuesday against two men with suspected involvement in the heist, Weikang Xu and Kim Wong, the proprietor of Eastern Hawaii Leisure Company Ltd., after the two were allegedly detected making large transfers in the days following the robbery.