The chief of Bangladesh’s central bank has resigned after losing $101 million in a bank heist that spanned at least four countries and raised questions over the international banking system’s vulnerability to cyberattack.
A spokesman for Prime Minister Sheikh Hasina said the resignation of Bangladesh Bank Governor Atiur Rahman was accepted on Tuesday.
Bank robbers successfully made five transfers out of Bangladesh Bank’s account at the New York Fed in early February.
The request appeared to come from a Bangladesh server, and the thieves supplied the correct bank codes to authenticate the transfers, the New York Fed said.
Officials in Bangladesh suggested that hackers were to blame. The New York Fed maintains that it was not hacked.
Spoofing servers is a common technique that hackers use to steal money and hide their tracks. It’s akin to placing a phone call using a number from another area code — your call could be coming from Los Angeles but appear to be coming from Chicago.
It’s unclear how the robbers obtained the correct bank codes, however.
Most of the stolen funds ended up in accounts located in the Philippines, while roughly $20 million went to Sri Lanka.
Bangladesh Bank said it has recovered all the money it lost to Sri Lankan accounts, and was “working closely” with authorities in the Philippines to recover the remaining funds.
The robbers tried to steal $850 million more, but the New York Fed denied those transactions. It’s not clear why the $101 million in Bangladesh Bank funds was allowed to be transferred to third-party accounts in foreign countries.
The Bangladesh central bank said it was hopeful that all of the missing funds would be returned
“We are optimistic about recovering the money we lost,” said AFM Asaduzzaman, a spokesman for Bangladesh Bank, prior to Rahman’s resignation.
Rahman could not immediately be reached for comment.
— Roshni Majumdar and David Goldman contributed to this report