
Bangladesh Bank robbery

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.

Title: Bangladesh Bank robbery
Date: 2016-02-05 to 2016-02-07
Location: Bangladesh; Dhaka, Manila, Kuala Lumpur, New York City, Mumbai
Type: Cyber theft, bank heist
Target: Bangladesh Bank
Perpetrators: Alleged Lazarus Group, unknown intermediaries, insiders
Outcome: About US$81 million stolen; many funds recovered; several arrests and international investigations


The Bangladesh Bank heist was a major international cyber theft in early 2016 that targeted the central bank of Bangladesh and exploited the SWIFT interbank messaging system to attempt unauthorized transfers from a reserve account at the Federal Reserve Bank of New York. The incident involved coordinated actions across the Philippines, Sri Lanka, the United States, the United Arab Emirates, India, and other jurisdictions, drawing attention from Interpol, the FBI, Europol, and central banks worldwide. Attribution, recovery, and prosecution unfolded over years, implicating state-linked cyber actors, transnational money launderers, and alleged local facilitators.

Background

In the months preceding the operation, Bangladesh Bank maintained a large foreign reserve account at the Federal Reserve Bank of New York. The SWIFT network, administered by the SWIFT cooperative, provided standardized messaging used by central banks and commercial banks including Standard Chartered, Deutsche Bank, HSBC, and JPMorgan Chase. Threats to financial institutions had been highlighted by incidents such as breaches at Sony Pictures Entertainment and campaigns attributed to the Lazarus Group, a cyber actor previously linked to operations against Bangladesh. Security researchers at firms like Symantec, Kaspersky Lab, FireEye, and BAE Systems had warned about targeted malware, spear-phishing, and insider risks affecting Bangladesh Bank and regional banks in South Asia and Southeast Asia.

The Heist

On 5 February 2016, attackers used compromised credentials to send 35 fraudulent SWIFT payment orders requesting nearly US$1 billion from the Federal Reserve Bank of New York on behalf of Bangladesh Bank, instructing transfers to accounts in the Philippines, Sri Lanka, and elsewhere. Due to a typographical error in one transfer instruction referencing Shalika Foundation instead of the correct beneficiary, several orders were flagged and blocked by Deutsche Bank and the Federal Reserve Bank of New York, reducing the successful theft to about US$81 million. Funds that arrived in the Philippines passed through accounts at Rizal Commercial Banking Corporation and were rapidly converted to cash and prepaid cards via exchange houses and casinos linked to entities such as Jackpot 168 and Casino Filipino. The operation showcased rapid cross-border layering through cash-out hubs including Manila and Kolkata corridors, involving money service businesses and couriers.

Investigation and Attribution

Immediate responses involved Bangladesh Bank, the Federal Reserve Bank of New York, the FBI, the Bangladesh Police, and international agencies including Interpol and Europol. Forensic analysis by private cybersecurity firms including BAE Systems Applied Intelligence, Symantec, and FireEye linked malware and command-and-control infrastructure to tactics associated with the Lazarus Group, an actor publicly connected to the Democratic People's Republic of Korea (North Korea). Investigators tracked funds to shell corporations, such as accounts linked to Asia Exim Bank (Philippines), and to remittance networks exploiting lax anti-money laundering controls in the Philippines and Sri Lanka. Authorities in the Philippines executed raids at casino-linked exchange houses, such as those linked to Resorts World Manila, and identified facilitators who converted transfers to local currency and smuggled cash out. The Bangladesh Financial Intelligence Unit and Bangladesh Bank worked with the US Department of Justice and the Bangladesh Police to trace payment messages, malware footprints, and communications between alleged conspirators.

Financial and Operational Impact

The theft exposed vulnerabilities in payment-message security at major institutions including Bangladesh Bank and raised questions about operational controls at the Federal Reserve Bank of New York and correspondent banks such as Deutsche Bank and Standard Chartered. Immediate losses at Bangladesh Bank totaled about US$81 million, with recovery efforts reclaiming some funds through freezing actions by Bangladesh Police, Philippine authorities, and others. The incident prompted emergency liquidity considerations for Bangladesh and intensified scrutiny by the International Monetary Fund (IMF) and regional central banks. Operational impacts included disrupted reconciliation processes, accelerated cyber incident response investments at central banks, and reputational damage for intermediaries implicated in the cash-out chain.

Prosecutions proceeded across multiple jurisdictions. The Bangladesh Police and the Criminal Investigation Department (Bangladesh) arrested local suspects alleged to have conspired with foreign operators to launder proceeds through Manila casinos and money changers. The United States Department of Justice filed criminal complaints against named individuals and entities and sought forfeiture of assets traced to the scheme. Philippine authorities charged several casino cashiers, money changers, and remittance agents, while civil suits and law enforcement actions recovered some funds. Attribution to actors linked to North Korea prompted diplomatic friction and discussions at United Nations forums, though criminal prosecution of alleged foreign cyber operators remained limited by jurisdictional constraints and diplomatic considerations.

Reforms and Security Responses

In the aftermath, Bangladesh Bank implemented enhanced authentication, network segregation, and transaction monitoring, while SWIFT upgraded customer security programs enforced across its user community, including the Central Bank of Sri Lanka and the State Bank of India. Global financial regulators including the Bank for International Settlements (BIS) and the Financial Action Task Force (FATF) issued guidance reinforcing know-your-customer and anti-money laundering controls for high-risk channels like casinos and remittance businesses. Major correspondent banks reevaluated due diligence and anomaly detection, and cybersecurity firms expanded threat intelligence on state-linked campaigns such as those attributed to the Lazarus Group. The case remains a seminal incident in cybersecurity, financial regulation, and transnational law enforcement cooperation.
