Hacker's Typo Stopped $1 Billion Bank Robbery, But Thieves Still Made Off With $81 Million

Bangladesh bank hack — Bangladesh's central bank in Dhaka, pictured, is blaming the New York Federal Reserve for a digital bank heist that could have been a lot worse. Reuters/Ashikur Rahman

Who would have thought that breaking into a bank's computer networks and stealing more than $80 million would be the easy part? It looks like that was exactly the case for a group of hackers who managed to get away with just a fraction of the $1 billion they set out to steal, thanks to a spelling error in a financial transfer request.

Last month, a group of unknown hackers committed one of the largest bank robberies in history when they stole $81 million as part of a scheme involving the New York Federal Reserve and the Bangladesh central bank, Reuters reported Thursday. The hackers stole credentials from the Asian bank and inundated the Fed with requests to transfer money out of its accounts to other accounts they set up in the Philippines and one in Sri Lanka belonging to “the Shalika Foundation.”

The total requests added up to nearly $1 billion, but $850 million and $870 million in requested transfers were stopped when officials grew suspicious because “foundation” was misspelled as “fandation.”

The Shalika Foundation, a supposed nongovernmental organization, does not appear to exist at all, Reuters reports.

International officials are still working to clean up the financial mess left by the February breach. Bangladeshi officials admit they have recovered only a fraction of the stolen funds and say there is little hope of apprehending the hackers. The government in Bangladesh is blaming the New York Fed for not stopping the heist sooner, with Finance Minister Abul Maal Abdul Muhith suggesting to Reuters the country may file a lawsuit.

An international team of investigators, including the cybersecurity company FireEye, which has been involved in a number of major breach investigations, is on the case.

This theft comes one year after reports that another group of hackers stole at least $300 million from more than 100 banks in multiple countries across the world. In that case, the hackers used malicious software to monitor activity at each bank via live video feed for months before the theft.