Hackers' spelling mistake foils $1bn heist at Bangladesh Central Bank
A spelling mistake in an online bank transfer instruction helped prevent a nearly $1bn heist last month involving the Bangladesh central bank and the New York Federal Reserve, banking officials said.
Unknown hackers still managed to get away with about $80m, one of the largest known bank thefts in history.
The hackers breached Bangladesh Bank's systems and stole its credentials for payment transfers, two senior officials at the bank said.
They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank's account there to entities in the Philippines and Sri Lanka, the officials said.
Four requests to transfer a total of about $81m to the Philippines went through, but a fifth, for $20m, to a Sri Lankan non-profit organisation was held up because the hackers misspelled the name of the NGO, Shalika Foundation.
Hackers misspelled "foundation" in the NGO's name as "fandation", prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction, one of the officials said.
The unusually large number of payment instructions also raised suspicions at the Federal Reserve, which also alerted the Bangladeshis, the officials said.
The details of how the hacking came to light and was stopped before it did more damage have not been previously reported.
Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements.
The transactions that were stopped totalled $850m -$870m, one of the officials said.
The hacking happened sometime between February 4 and 5, over the Bangladeshi weekend, which falls on a Friday, the officials said.
Experts could tell that the attack originated outside Bangladesh, they said.
Bangladesh Bank has said it has recovered some of the money that was stolen, and is working with anti-money laundering authorities in the Philippines. The bank suspects money sent to the Philippines was further diverted to casinos there, the officials said.
The Philippine Amusement and Gaming Corp, which oversees the gaming industry, said it has launched an investigation.