The Central Bank of Bangladesh has claimed it has had $100 million stolen through a hack of its account with the United States Federal Reserve.
It’s believed that Chinese hackers were behind the hack and stole the money from the bank’s foreign exchange account at the Federal Reserve Bank of New York on February 5, according to various media reports.
The Federal Reserve Bank’s New York branch holds accounts for over 250 foreign banks, governments, and large financial institutions due to the bank’s high-end security measures.
Bangladesh Bank (the name of the Central Bank) officials said that since their account was hacked and funds stolen, they’ve traced some of the money to the Philippines and were working with local authorities in an attempt to recover funds, which has so far been partially successful.
“Part of the money hacked from Bangladesh Bank’s account in a bank in the United States has been recovered,” the bank said in a statement. “Bangladesh Financial Intelligence Unit is in contact with the anti-money laundering authorities of the Philippines to track down and bring back rest of the money.”
A news outlet in the Philippines confirmed that financial regulators were investigating what could be the single largest money laundering case ever uncovered in the country and that the $100 million was leaked into the Philippine banking system, sold to a black market foreign exchange broker and then transferred to at least three local casinos.
Despite confirmation from multiple countries, the Federal Reserve is denying the hack ever took place, saying in a statement that “to date, there is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question, and there is no evidence that any Fed systems were compromised.”
That said, this case wouldn’t be the first time the Federal Reserve has been hacked, despite their reputation as being one of the most secure banks in the world.
Hacks against the Federal Reserve include a successful hack that involved SQL injections and taking advantage of ColdFusion vulnerabilities in 2012 that resulted in a British man being indicted in 2014, a hack of its website in 2013 exposing thousands of employee records, and another hack in 2015 that saw customers exposed to malware.
As Softpedia points out, if what the Federal Reserve has said holds true, in that there was no detected breach of their systems, “this means that there is also the real possibility of an inside job, with someone from inside Bangladesh’s central bank aiding the hackers.” That’s a touch conspiratorial at this point, but given the nature of the Fed’s security it’s also not beyond the realms of possibility.
We’ll keep an eye on the story and if anything new comes up we’ll provide an update.