Bangladesh police launched a criminal investigation on Thursday into the cyber theft of $81mn from the central bank's US account but said it was too early to pinpoint any suspects.
The money was transferred to accounts in the Philippines, and a Senate hearing there was told that nearly half a million dollars was skimmed off and packed into a bank branch manager's car. The bulk went to two casinos and an individual who is believed to be a junket operator.
The heist took place between February 4 and February 5, when unknown hackers breached the computer systems of Bangladesh Bank and attempted to steal $951mn from its account at the Federal Reserve Bank of New York, which it uses for international settlements.
The other transfers were blocked, but $81mn went to accounts in a Manila branch of the Rizal Commercial Banking Corp (RCBC), and was quickly further transferred.
Romualdo S. Agarrado, a reserve officer of RCBC who was at the branch at the time, told the hearing that a withdrawal slip for 20mn pesos ($432,000) from one of the accounts was made out by the manager Maia Santos Deguito herself and cashed.
Agarrado cited her as saying at the time: "I would rather do this than me being killed or my family."
In Dhaka, a central bank spokesman said a police team visited the bank on Thursday to understand the workings of the accounts and budget department and the computer system as they launched their probe.
"We have just started our investigation. It is a bit early to name suspects," a police official said.
The cyber thieves hid their tracks by installing malware that manipulated a central bank printer to hide evidence of the heist, according to a person familiar with an investigation by cyber security experts.
However, the investigators have so far found no evidence of inside involvement in the hacking of the bank's computers, the source said.
Earlier, central bank officials filed a police report that said that a computer and printer the bank used to order SWIFT wire transfers were manipulated so that authorities could not see records of outgoing wire transfer requests or receipts confirming that they had been received.
Details about the issues with the computer and printer were among the first clues to surface as to how the attack was carried out.
A representative from Brussels-based SWIFT, a bank-owned cooperative that runs a secure private messaging system widely used for requesting money transfers, declined comment on Wednesday.
Manager ‘made scapegoat’
In the Philippines, officials have told the Senate committee that the $81mn was wired to four fictitious accounts at RCBC, most of it was subsequently consolidated into one account and was then sent on to a foreign exchange broker called Philrem Service Corp.
From Philrem, more than $30mn was delivered in cash to an ethnic Chinese man who some witnesses said they believed is a casino junket operator in Manila, although regulatory officials told Reuters they had not previously heard of him.
A further $50mn was split between a casino resort and a gaming firm in the Philippines, officials said.
Thursday's hearing focused on the branch manager, who for the most part declined to answer questions from the senators except in camera.
"The 20mn pesos was placed in the car of Ms. Deguito and she drove off with it," RCBC attorney Maria Celia Fernandez-Estavillo told the hearing, referring to details of an affidavit from Agarrado, the reserve officer.
In an interview with a local TV channel before the hearing, Deguito denied any wrongdoing and said she was being used as a scapegoat.
The Anti-Money Laundering Council of the Philippines said complaints have been made against the manager of the RCBC branch and the holders of fictitious accounts into which the money was originally deposited at the branch.
