Bangladesh Bank debates lawsuit against Federal Reserve over cyber fraud

The attack which left the Bangladesh Bank's wallet $81 million lighter was caused when the Federal Reserve authorised fake payments.
Written by Charlie Osborne, Contributing Writer

Bangladesh's central bank has sought legal advice after a sophisticated cyberattack resulted in $81 million being stolen from the bank's Federal Reserve account.

According to Reuters, the Bangladesh Bank has hired a lawyer from the United States to provide counsel on the possibility of suing the Federal Reserve Bank of New York, which fell for the cyberattacker's fraudulent scheme and permitted the bank's reserves to be transferred to mule accounts across Asia.

An internal report issued by the Bangladesh Bank in the country's capital, Dhaka, says that the Federal Reserve was negligent and allowing the fake transactions to go through was a "major lapse."

Earlier this month, a group of cybercriminals were able to steal $81 million from funds which belonged to Bangladesh Bank but stored in the Federal Reserve for international transactions.

The group, of which their identity is still unknown, infected the Bangladesh Bank's computer systems with malware able to spy on financial transactions. After a few weeks of spying and learning the system, the attackers made a series of rapid transaction requests to the Federal Reserve with stolen SWIFT credentials. SWIFT is a financial messaging system used by banks worldwide.

Dated March 13, the report says five out of 35 fraudulent payments were permitted, and entities in the Philippines and Sri Lanka received a portion of these stolen funds.

However, the cyberattackers made a simple spelling mistake which flagged up the sixth transactions and blocked the other requests from immediately going through.

If all the transactions were successful, it has been estimated the bank would have lost almost $1 billion.

The loss of the bank's funds prompted the exit of the former head of Bangladesh Bank Atiur Rahman. It has been reported that the 64-year-old executive did not tell the Bangladeshi Finance Minister, A M A Muhith of the fraud, and the incident did not come to light until the media picked up the story.

However, the Bangladesh Bank has not lost hope in recouping its losses. The institution's report states that the financial institution is "preparing the ground to make a legitimate claim for the loss of funds" against the New York Fed "through a legal process."

Following the release of the report and hiring of the US lawyer, US New York Democrat Carolyn Maloney has called for an investigation into the cyber heist. In a statement, the representative said:

"This brazen heist from the Bangladesh central bank's account at the New York Fed threatens to undermine the confidence that foreign central banks have in the Federal Reserve, and in the safety and soundness of international monetary transactions."

Law enforcement and cybersecurity experts are investigating the breach.

10 steps to learn how to hack

Read on: Top picks

Editorial standards