Bangladesh has learned a valuable lesson over the past two months: Do. Not. Trust. The. New. York. Fed.
On a quiet Friday morning in early February, a series of instructions using authenticated SWIFT codes was sent to 33 Liberty allegedly from the Bangladesh central bank requesting the transfer of nearly $1 billion from the country’s FX reserves.
Now, the first thing that should jump out at you there is that Friday is a weekend in Bangladesh, a fact which probably should have set off alarm bells. But alas, it didn’t and by the time the hackers who sent the transfer instructions screwed the pooch by spelling “foundation” wrong in one of the requests, more than $80 million was sent to the Philippines where it landed in four accounts and eventually ended up transferred to at least two casinos and one unidentified man “of Chinese origin” who has since been named as a Weikang Xu. For those who might have missed the story, here are our three previous accounts of what is truly a Hollywood-esque plot line:
- Plot Thickens In New York Fed Heist As $30 Million In Cash Said Delivered To Mystery Chinese Man
- The Incredible Story Of How Hackers Stole $100 Million From The New York Fed
- Chinese Hackers Break Into NY Fed, Steal $100 Million From Bangladesh Central Bank
You’re reminded that the stolen funds ended up in the Jupiter Street, Makati City, branch of Rizal Commercial Banking Corp where the branch manager is one Maia Santos Deguito. Here she is: (see article source)
According to testimony from a Rizal executive heard at a Senate hearing in the Philippines late last week, some $427,000 in cash was withdrawn from one of four accounts that received the illicit funds. That money was promptly deposited – into the back of Deguito’s car.
“On February 5 – the day when RCBC said $22 million was put into [the accounts] – Deguito’s assistant, Angela Torres, requested P20 million from the bank’s cash center, which was delivered by armored car,” PhilStar reports. “The teller then put the money in a box, which was brought to Deguito’s office. The branch messenger, a certain Jovy Morales, then looked for a paper bag to put the money in and then brought it to the branch manager’s car.”
Deguito then ignored a direct order from the Bangladesh central bank and the Rizal head office to freeze the accounts. “Instead, she moved the money to a foreign-currency account opened Feb. 5 under the name of Centurytex Trading, a local brokerage firm owned by businessman William Go,” WSJ writes. “$15 million of the stolen money on Feb. 5 was remitted from the account to a local money-transfer company called Philrem [and] then, about another $66 million was transferred to Philrem on Feb. 9.” From there, it found its way to the casinos and to Weikang. Here’s a diagram from FT: (see article source)
Mr. Go is apparently innocent according to a private investigation conducted by Truth Verifier Systems Inc who says the accounts were forged. However, Torres (Deguito’s assisstant) insists that Go picked up cash in a “Lexus SUV” and that he signed the withdrawal slip personally.
Apparently, the hackers used malware to infiltrate the central bank’s computers and monitor daily activity. “They were counting on the likelihood that there wouldn’t be any direct communication between the banks over the weekend,” an official who spoke to WSJ said. And they were correct. As we documented earlier this week, Bangladesh was unable to contact the New York Fed on Saturday and Sunday.
“Bangladesh, including its government institutions and its banking system, is notoriously corrupt and prone to bank frauds, and neither the Bangladeshis nor the Fed have ruled out the possibility the hackers were assisted by someone on the inside,” FT wrote this week. “But there is so far no evidence of an insider, nor do cyber security experts think such a person would have been essential for a crime that could have been committed from outside by sophisticated criminal hackers from eastern Europe or elsewhere.”
What seems likely here is that this is part of something far larger and it could very well be that none of the people along the paper trail (Deguito, Go, whoever was or wasn’t involved at the Bangladesh Bank, etc.) actually knows who is ultimately pulling the strings. The fact that the total request was for nearly $1 billion suggests that whoever is at the end of the rabbit hole here either, i) has their sights set far higher than $80 million, or ii) swung for the fences to ensure they at least got to first base. If it’s the former, then we may see more inadvertent experiments with helicopter money in the very near future – and on a much larger scale.
Now if only physical cash were banned, then the “culprits” wouldn’t be able to launder their illicit proceeds. Hey, wait a minute…
Full article: Mystery Of New York Fed Robbery Has Central Banks Asking Who’s Next (Zero Hedge)