The head of Bangladesh’s central bank, Atiur Rahman, has resigned after cyber-thieves stole more than $100m from the country’s foreign currency reserves.
Mr Rahman submitted his resignation to Prime Minister Sheikh Hasina after it emerged that unknown hackers had stolen the money from the bank’s account with the Federal Reserve Bank of New York.
The theft happened in February, but Mr Rahman did not tell the government.
Finance Minister A M A Muhith said he had learnt of it from press reports.
According to media reports quoting banking officials, the gang behind the raid used stolen credentials to make requests to transfer cash look legitimate.
If all the requests had gone unchallenged, the gang would have got away with about $1bn.
However, the transfers were stopped when the volume of requests raised suspicions at other banks.
To commit the attack, the gang spent time studying the internal processes of Bangladesh’s central bank, so they could convincingly pose as officials when requesting the transfers.
However, the sheer number of transactions and a spelling mistake helped alert bank staff to the theft.
The spelling mistake in the name of one recipient of funds led Deutsche Bank, which was helping to route the cash, to ask for clarification from the central bank, which then stopped the transaction.
At about the same time, the Federal Reserve Bank of New York had alerted the Bangladesh central bank to a series of suspicious requests to transfer money. The requests are believed to have been flagged because they were to private accounts rather than other banks and because there were so many of them.
The money that the hackers did steal ended up in accounts in Sri Lanka and the Philippines.
Part of the money was recovered from Sri Lanka, but the rest was laundered through casinos in the Philippines. The central bank said it was working with authorities there to recover the remaining amount.
Bangladesh’s government has publicly blamed the New York Fed for not spotting the suspicious transactions earlier.