Mystery Of New York Fed Robbery Has Central Banks Asking Who's Next

Tyler Durden's picture

Bangladesh has learned a valuable lesson over the past two months: Do. Not. Trust. The. New. York. Fed.

On a quiet Friday morning in early February, a series of instructions using authenticated SWIFT codes was sent to 33 Liberty allegedly from the Bangladesh central bank requesting the transfer of nearly $1 billion from the country’s FX reserves.

Now, the first thing that should jump out at you there is that Friday is a weekend in Bangladesh, a fact which probably should have set off alarm bells. But alas, it didn’t and by the time the hackers who sent the transfer instructions screwed the pooch by spelling “foundation” wrong in one of the requests, more than $80 million was sent to the Philippines where it landed in four accounts and eventually ended up transferred to at least two casinos and one unidentified man “of Chinese origin" who has since been named as a Weikang Xu. For those who might have missed the story, here are our three previous accounts of what is truly a Hollywood-esque plot line:

You’re reminded that the stolen funds ended up in the Jupiter Street, Makati City, branch of Rizal Commercial Banking Corp where the branch manager is one Maia Santos Deguito. Here she is:

According to testimony from a Rizal executive heard at a Senate hearing in the Philippines late last week, some $427,000 in cash was withdrawn from one of four accounts that received the illicit funds. That money was promptly deposited - into the back of Deguito’s car.  

"On February 5 - the day when RCBC said $22 million was put into [the accounts] - Deguito's assistant, Angela Torres, requested P20 million from the bank's cash center, which was delivered by armored car," PhilStar reports. "The teller then put the money in a box, which was brought to Deguito's office. The branch messenger, a certain Jovy Morales, then looked for a paper bag to put the money in and then brought it to the branch manager's car."

Deguito then ignored a direct order from the Bangladesh central bank and the Rizal head office to freeze the accounts. “Instead, she moved the money to a foreign-currency account opened Feb. 5 under the name of Centurytex Trading, a local brokerage firm owned by businessman William Go,” WSJ writes. “$15 million of the stolen money on Feb. 5 was remitted from the account to a local money-transfer company called Philrem [and] then, about another $66 million was transferred to Philrem on Feb. 9.” From there, it found its way to the casinos and to Weikang. Here's a diagram from FT:

Mr. Go is apparently innocent according to a private investigation conducted by Truth Verifier Systems Inc who says the accounts were forged. However, Torres (Deguito's assisstant) insists that Go picked up cash in a "Lexus SUV" and that he signed the withdrawal slip personally.

Go is now suing both Torres and Deguito.

Apparently, the hackers used malware to infiltrate the central bank's computers and monitor daily activity. “They were counting on the likelihood that there wouldn’t be any direct communication between the banks over the weekend,” an official who spoke to WSJ said. And they were correct. As we documented earlier this week, Bangladesh was unable to contact the New York Fed on Saturday and Sunday.

Bangladesh hired FireEye to investigate the incident. According to what Bloomberg describes as an "interim report," the hackers "sought to cover their tracks by deleting computer logs as they went [and] before making transfers they sneaked through the network, inserting software that would allow re-entry."

The report allegedly describes the operation as something that would normally be the purview of nation-state hackers. "Malware was specifically designed for a targeted attack on Bangladesh Bank to operate on SWIFT Alliance Access servers," Bloomberg quotes the report as saying. "The security breach of the SWIFT environment is part of a much larger breach that is currently under investigation."

Suspect log-ins at Bangladesh central bank began on January 24 and ran through at least February 6, two days after the illicit transfers. "The report," Bloomberg says, indicates that the "hackers have already hit other FireEye clients, though it’s unclear if those include other central banks."

Meanwhile, Bangladesh's finance minister AMA Muhith told the Bengali-language daily Prothom Alo that this was 100% an inside job involving officials at the central bank. He later claimed the daily published off the record comments without his permission. “It has come to light through this interview that I cannot always remain alert because of my age," he said. Muhith has called the central bank "very incompetent" for their handling of the incident.

"Bangladesh, including its government institutions and its banking system, is notoriously corrupt and prone to bank frauds, and neither the Bangladeshis nor the Fed have ruled out the possibility the hackers were assisted by someone on the inside," FT wrote this week. "But there is so far no evidence of an insider, nor do cyber security experts think such a person would have been essential for a crime that could have been committed from outside by sophisticated criminal hackers from eastern Europe or elsewhere."

Bangladesh at least in part blames the Fed. “Since they have asked for your opinion, they should have waited for that," one official told FT, referencing the fact that the Fed asked for clarification on some of the transactions but ok'd them before getting a response. "They could have been patient," the same official said. 

"[The Fed] cannot avoid their responsibility in any way," Muhith says. 

We imagine the well meaning FinMin may be surprised what the NY Fed can and can't do. 

As indicated by the diagram shown above, there's no telling where the money went after the casinos. "It was Chinese new year,” Bloomberry's Silverio Benny Tan said. “So the expectation was for more play, so it was not unusual.” As we mentioned on Wednesday, casinos are not subject to the Philippines anti-money laundering laws (because who would think of laundering money through a casino).

But don't worry, the culprits will soon be ferreted out. How do we know? Because Bangladesh has enlisted the help of the FBI. "We sought the FBI's assistance when a group of FBI met with me for investigating the central bank heist last month," Interior Minister Asaduzzaman Khan told Reuters

What seems likely here is that this is part of something far larger and it could very well be that none of the people along the paper trail (Deguito, Go, whoever was or wasn't involved at the Bangladesh Bank, etc.) actually knows who is ultimately pulling the strings. The fact that the total request was for nearly $1 billion suggests that whoever is at the end of the rabbit hole here either, i) has their sights set far higher than $80 million, or ii) swung for the fences to ensure they at least got to first base. If it's the former, then we may see more inadvertent experiments with helicopter money in the very near future - and on a much larger scale. 

Now if only physical cash were banned, then the "culprits" wouldn't be able to launder their illicit proceeds. Hey, wait a minute...

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
TeamDepends's picture

If it's under your mattress or at the bottom of the lake, some pencil-necked asswipe can't swipe it from the comfort of his basement.

eatthebanksters's picture

Its the North else does Kim-jong Un pay for his hookers?

lakecity55's picture

Kim is too busy reading hitlery's emails to bother with hookers.

knukles's picture

Kim's guys reputedly are some of the best counterfeiters in the world.  They don't need no steenkinig Philippine casinos to get dollars out!  That's where they get them in!

monad's picture

Nah. NK got treasury engraved plates in 1950 when they agreed to play their role in the UN theater.

TheReplacement's picture

Tip of the hat to whomever pulled this off.  They have made a very loud statement about the lack of validity to arguments made for banning cash to stop criminals.

Thank you bad guys.

tarabel's picture



Sadly, your very valid point is going to be buried in the coffin of the 500-Euro note.


Joe Davola's picture

Who's Next - what a great album!

In particular the finale - We won't get fooled again (and again, and again...)  Meet the new boss...

Demdere's picture

Compared to the Pentagon, small stuff, probably, but the Pentagon has even hidden the order of magnitude.

No kidding, the job of hiding a long series of frauds via 9/11 at the Pentagon is very impressive stagecraft.

HardlyZero's picture

Very easy and relatively cost effective to fix this.

Swift will ensure all management with signatory authority must also have a secure pager and a secure laptop.  These Swift authorized management within the Banks must approve all transactions before they are executed.  Expect a primary and redundant, and backup person at each CB to ensure someone authorized and top level is 24/7 available to approve all/any transactions.  Maybe have 4 designated signatory bankers assigned for each bank.  No big deal.  Many businesses already operate this way.  Now Swift will mandate any Swift Bank must have a similar security arrangement 24/7 or they will not be allowed to use Swift at all.


If they 'won't work Friday', then hire some that will, there must be someone in these countries that have different off days for religious or other reasons.


Simple.  Done.


This is really a relatively 'simple' issue to be fixed.  Maybe Swift needs to grow up (soon).

Urban Redneck's picture

There are two types of people in the world: those who actually understand double entry bookkeeping, and those who don't.

The number who actually do understand it is very small, otherwise there wouldn't be so much nonsense about "USD that were sent to the Philippines via SWIFT" and "trillions in money that the Pentagram cannot account for."

Twee Surgeon's picture

I think you do not drink and no disrespect, we are basically always talking about Coupons on Zero Hedge, refined down to it's marrow, that is the conversation, I have a coupon for this, validated by popular Trust, You have a coupon for that. Coupon/ Contract/ Social Agreement, The destruction of the Social Agreement is the Demolishable Contract, lot's of love for your lernins' The Coupons are Paper targets.


Twee Surgeon's picture

In the Brazilian Olympics, the sailing races of small boats will happen in a bay that is an open sewer, The turds, Tampons and Hypodermic needles of every transsexual whore in Rio will be in your tidy and well sponsored sailing suit, a splash in the face of any Sewer Sailor will probably result in Hepatitis X.

Zirca or Zingo Virus, what the F**K ever virus (Look on line for a DNA history of that little shit.) They started the Brazil Olympics, now, they do not want you to go, think about it, do not go to the Brazil Olympics, not like you would if you are a non-troll Z,Hedger, some big Funky shit is going down there.

Where is next ? Brazil and Argy and USA/UK, big shit is coming, watch out for the stars.

Bastiat's picture

But this could never happen to a worldwide digital currency . . . . right?

HardlyZero's picture

...and Denge and Typhoid, and TB.

Twee Surgeon's picture

North Korea is a special op program, They are funded by the deep State, they shoot some missiles and lose a submarine (That will be shooting at Somewhere, soon.) The Norks are Fear Side Show, They have Nukes, Satellites, Rockets, fear them, the Government will protect you, the Stray Submarine will blast San Diego soon or something, China will be offended or something, It is all bull shit, good cop / bad cop, the fuckers get Rice in exchange for their theatrical, corporate, destiny, a zoo of needy worthless half wit C****'S .  The USA top dawgs already admitted that they Fund/ Finance/ Train / Supply ...ISIS.

I do not understand what the question is ?

They support ISIS so they can destroy them, how the fuck is that rational or patriotic?

If you think I'm wrong. have Google, If you think I'm low information dick head, prove me wrong.

The bombs are coming, white man is written on each of them. Sorry if the truth keeps yer crackhead daughter on Tyrone's phallus all night, You have made zero effort to educate yourself so reap as you have sown.

FireBrander's picture

Give me a fucken break.


New Policy.

Last one to hold the money, that we can fuck, gets fucked. Whatever fucken legit bank that last handled cash; ban the mother fuckers...government of that country will get thier shit straight right now or run out of banks to run these scams.

Banning an international bank from the SWIFT system would end this bullshit..,motherfuckers moving money to places where it can't be clawed back...BULL FUCKING SHIT.

FireBrander's picture

This is like Hillary and her fucking emails...she can't directly email, or forward you, classified shit...but she is using a server with pathetic "security"..wink, wink...

NSA stores billions of phone conversations and emails...hackers hack the fuck out of everything...Anonymous digs up Trumps social and phone # in 5 minutes...but no one has a copy of Hillary's emails that were sitting on an unsecure server for YEARS...hog fucking shit.

Urban Redneck's picture

That would involve taking the USD 81M out of Warren Buffet's bank and forcing them to debit their customer ledger for RCBC.

So simple, yet so antithetical to zero-liability oligarch cronyism.

crazytechnician's picture

Their balance was some binary digits in a computer memory chip.

Actual value never existed in the first place.

The whole thing is a fucking illusion.

That balance could be replaced instantly at the press of a couple of buttons - on the right machine.

TeamDepends's picture

Exactly. But the shiny, the Irish whiskey, the freeze-dried pork chops, the shovels, the old hard copies of the Onion, that beautiful old Martin, the heirloom seeds, the '63 Corvette, Grandpa's old hunting rifle and military service memorabilia..... Those things are very real.

crazytechnician's picture

I hate to say it but you left bitcoin off your list. In the future the very best hackers will be the ones that can create more money from thin air and steal it without a Central Bank actually noticing anything has been created or has gone missing. These hackers were amateur and fucked up by leaving a digital balance that showed something was actually missing from the account , if they were really smart they would have created the money themselves and taken it while nobody would have ever noticed.

OpenThePodBayDoorHAL's picture

Sure, Bitcoin is cool, too bad it is controlled from a totalitarian Communist country:

85% of Bitcoin mining including two pools that control > 51% run by individuals who can collude TODAY to do whatever they want;

87% of Bitcoin exchange volume is in China, and;

92% of transactions are in Chinese yuan. LOL you got pwned.


crazytechnician's picture

Such a shame you spent your energy on the bitcoin part of what I said..

But having said that bitcoin solves the problem I have explained.

China  today must be the most Capitalistic country on the planet  - so when you talk of Communism are you speaking of the USSA or the EUSSR ?

OpenThePodBayDoorHAL's picture

Try a contract dispute with a mainland company sometime. LOL

UmbilicalMosqueSweeper's picture

All the old Bolsheviks in backroom bars worldwide tip their glass to you. Stoli, Snake Wine, Napoleon Brandy, or Jim Beam...your choice.


Strelnikov's picture

That's because it was a list of real things.

HRH of Aquitaine's picture

Jesus dude, fucking freeze dried porkchops? Just kill me first.

TeamDepends's picture

Dude, a coupla FDPCs, a twist of "lemon", a splash of 2 year old (or less) doe urine, some pine needles, some rehypothecated govcheese, and some Unicorn Sauce and you are livin' large, post EMP.

Buckaroo Banzai's picture

You had me right up to the doe urine.

Socratic Dog's picture

Throw in a few MILF's like the ones in the pictures....

4freedom78's picture

So the difference in the end is who is able to move this binary digit from the fed to their account with out right but only with strength. Is call bank robbing . Before you need gun. Now you need good hackers and China have developed a Lot of it.

UmbilicalMosqueSweeper's picture

A thief who steals from a thief gets 20 years indulgence.

rahtidmon's picture

Better have something to protect that mattress there fella? just sayin'

Goldbugger's picture

The NYF did it, they will use this event again and blame someone else right before they take this whole thing down and blame someone else.

Theonewhoknows's picture

Talking about Central banks and their idiocy/incompetence: The Reason for negative interest rates is to pay the debt to the FED after 2008 help. The same help that got Bernanke puzzled during his hearing in front of the congress. As he 'didn't remember' how much money European banks got during 2008 meltodown. Now FED is in trouble so EBC is doing everything to look like a trash to give obvious choice fro investors as to where to put their money.

Normalcy Bias's picture

I suppose the Central Banks are going to find out what it's like when NO ONE believes what they say anymore. Tragic...

Temporalist's picture

Clearly moving to a cashless society will be more secure

SunRise's picture

Evidently, the  NY Fed is going cashless anyway.

crazytechnician's picture

They have to go cashless , it's nothing to do with economics or freedom , there simply is not enough trees , or ink.

skinwalker's picture

Bull. Come down to Florida some time. Tree farms as far as the eye can see. 

brooklinite8's picture

So much for security. This is an issue when end to end subject matter experts don't exist anymore. Agile methodology teaches the BA/DA should only work during the requirements gathering phase, QA should work only during the testing. When our skills are broken down there exists very rare employees that either a bank or the corporation has. Some times they don't like that either. Its hard to spot crimes when you are looking at 25% of the picture. The point I am trying to get is with out the red tape most of us tellers or bank employees who must have looked at these requests end to end would have figured it out. Bottom line we need software experts from Fireeye. What kinda bullshit is this.

Socratic Dog's picture

Same applies in tech.  Very few generalists around any more.  It's all specialists, all with a tiny piece of the picture.  Recipe for disaster.  Remember the Mars Lander (?) where the Europeans were working in metric, the Americans in whatever feet/pounds is called, and nobody noticed?  A very expensive oversight.  Nobody was looking at the big picture.

Call in the specialists in Project Management.  Bullshit.  Get a few generalists.

Raging Debate's picture

Brookline - Quit hiring underpaid foreign labor where stealing is everyday part of the caste system. Jobs like this usually require an inside employee and since it was a fairly unsophisticated job, I speculate that is what happened. 

 Also, no need for a privately run Central Bank, the market should set interest rates and Treasury can always be a lender of last resort. It doesnt end corruption but it ends the biggest lobby on earth. 

 There are consequences to destroying the rule of law, and those at the top are simply last in the pecking order of the crocodile. Government needs the citizenship to care about the society. If policy recommendations be them security, economics, justice are ignored, the citizenship checks out and its every man for himself. I pledged allegiance to a Republic, with liberty and justice for all, not a global monarchy. So my loyalty is to myself, immediate family and neighbors. 

 Trade is good but when the political class sells out to other sovereigns, you hedge against the inevitable and increasing nastiness. Best one can do at times.