How One Hacker’s Flub Saved One Bank $1B


It’s hard to believe that taking the time to double-check spelling could have allowed unknown hackers to pull off a nearly $1 billion bank heist last month.

Officials told Reuters that the spelling mistake put a stop to an online bank transfer instruction for the huge sum involving the central bank of Bangladesh and the New York Fed.

However, the hackers were still able to get away with roughly $80 million, marking one of the largest known bank thefts in history. Bank officials said that the hackers first gained unauthorized access to Bangladesh Bank’s systems in order to steal its credentials for payment transfers then sent nearly three dozen requests to the Federal Reserve Bank of New York in an attempt to move money from the Bangladesh Bank’s account to overseas accounts.

While four requests, which totaled nearly $81 million, were successfully transferred to entities in the Philippines, a typo held up a fifth request for a transfer of $20 million to a Sri Lankan nonprofit organization, Reuters reported.

The misspelling of “foundation” as “fandation” raised a red flag for routing bank Deutsche Bank, causing it to reach out to the Bangladesh central bank for clarification and then stop the transaction, officials told Reuters.

The bank also confirmed that it has since recovered some of the money stolen and continues to work with anti-money laundering authorities in the Philippines. Officials estimate that the value of the attempted transactions that were actually stopped totaled anywhere between $850 million and $870 million.

It was later reported that the Mandiant forensics division of cybersecurity firm FireEye is helping to investigate, according to people familiar with the matter. The company was supposedly recruited by World Informatix, the firm currently advising Bangladesh Bank on the investigation.

The sources, who asked to not be identified by Reuters, also confirmed that the U.S. government has offered its assistance in investigating the hackers behind the heist.