The hackers breached the Bangladesh bank's systems, stealing credentials needed to authorize payment transfers from the country's monetary reserves in the Federal Reserve Bank of New York to fraudulent accounts based in the Philippines and Sri Lanka. Before their plan was exposed, the perpetrators swindled the South Asian nation out of approximately $81 million between Feb. 4 and 5, but the damage could have been worse if not for a grammatical slip-up.
After the first four payment transfers were approved, routing bank Deutsche Bank became suspicious when the hackers requested funds be transferred to the imaginary “Shalika Fandation” [sic]. Confused by the misspelling of “Foundation,” Deutsche Bank sought clarification from Bangladesh's bank, which immediately stopped the fraudulent transaction. The Fed also separately alerted Bangladesh due to the anomalous number of payment instructions it had received.Update: Citing Bangladesh bank officials, Reuters reported last Friday that the perpetrators installed malware in the bank's systems and silently lurked for likely weeks while lurking how to manipulate funds. The report also notes that the hackers appear to have stolen the bank's credentials for the SWIFT (Society for Worldwide Interbank Financial Telecommunications) messaging system, a network that banks around the world use to secure financial communications through a standardized system of codes.
Update Mar. 21: Reuters has further reported that the FBI met with Bangladesh police on Sunday, Mar. 20 to help investigate the criminal network behind the heist, which apparently involves suspects in six countries. Meanwhile, Bengali cybercrime expert Tanveer Hassan Zoha, who previously told reporters that he recognized three of the user names involved in the incident, was allegedly kidnapped last Thursday from a motorized rickshaw by unknown assailants, according to the expert's wife.
Finally, it was also reported that former Bangladesh finance secretary Fazle Kabir took over this past weekend as the head of the central bank following the resignation Atiur Rehman, who has been accused of withholding news of the bank heist from government officials.