The $81 Million Mistake—How Human Error Unlocked the Door to the Bangladesh Bank Heist
In February 2016, the world witnessed one of the most shocking cyber thefts in history. Hackers made off with $81 million from the Bangladesh Bank, revealing deep vulnerabilities in the global financial system. While sophisticated cyber tactics played a part, the true enabler of this massive theft was something far simpler: human error.
The Heist Unfolds
The attack began when hackers infiltrated the Bangladesh Bank’s systems, planting malware to observe how the bank processed its transactions through the SWIFT banking network. After months of preparation, they executed their plan, submitting 35 fraudulent transfer requests intended to siphon nearly $1 billion from the bank’s account at the Federal Reserve Bank of New York.
But a small, almost laughable mistake changed everything.
An $850 Million Typo
One of the fraudulent transfer requests directed money to the “Shalika Foundation” in the Philippines, but the hackers misspelled “foundation” as “fandation.” This simple typo raised suspicions at Deutsche Bank, which was handling the transfer. As a result, $850 million of the requested funds were blocked or returned.
However, $81 million still slipped through, primarily landing in the Philippines, where it was laundered through casinos.
Inside Bangladesh Bank: The Real Mistakes
Human error wasn’t limited to the hackers. Within Bangladesh Bank, several preventable oversights allowed the heist to succeed:
- Weak Cybersecurity: The bank’s systems were inadequately secured, leaving it vulnerable to intrusion.
- A Missed Weekend Alert: The heist took place over a weekend, and when employees returned on Monday, they were slow to detect the fraudulent transfers.
- Cheap Equipment: The bank’s connection to SWIFT was routed through outdated $10 switches, leading to missed alerts that could have flagged the breach sooner.
These seemingly minor oversights culminated in an $81 million disaster.
The Consequences: Who Went to Jail?
While the hackers behind the heist remain at large, two individuals were held accountable:
- Kim Wong, a Filipino casino manager, was arrested for his role in laundering millions of dollars through the casinos. He eventually returned $15 million of the stolen funds and cooperated with authorities, but his involvement landed him in jail.
- Maia Deguito, a branch manager of RCBC (Rizal Commercial Banking Corporation), was also sent to prison. Deguito was found guilty of facilitating the fraudulent transfers by allowing the stolen funds to pass through her branch. She was sentenced to 4–7 years in prison for her part in the laundering scheme. Her role showed how insider assistance can be critical in such large-scale frauds, highlighting the human involvement that enabled the hackers’ plan to succeed.
Lessons from the Heist
The Bangladesh Bank heist serves as a vivid reminder that even the most advanced technology is only as secure as the people managing it. Small human errors—whether a typo, insufficient cybersecurity measures, or insider cooperation—can lead to catastrophic consequences.
As you reflect on this real-life thriller, consider how trust, whether in love or cybersecurity, can be so fragile. In my new book, Encrypted Heart, I explore how both emotions and digital systems can be compromised, and how to protect them. If you’re intrigued by the intersection of romance and cybersecurity, this book is for you.
🔐 Get your copy of Encrypted Heart on Selar.