The long-running investigation into the notorious Bangladesh Bank reserve heist of February 2016 has taken a new turn, with police confirming that foreign nationals from at least four countries were involved in the cyber theft.
According to investigators, the Criminal Investigation Department (CID) has found evidence linking citizens of Sri Lanka, the Philippines, China and the United States to the crime. The charge sheet is now in its final stage and is expected to be submitted to court soon, reports UNB.
An official involved in the investigation, speaking on condition of anonymity, told UNB that several then-officials of Bangladesh Bank’s IT division and senior executives also displayed gross negligence. Some even had direct or indirect complicity in the incident.
The official said the theft was carried out by an international hacking syndicate using sophisticated malware, which had been deliberately opened by insiders at the IT department. This enabled the illegal transfer of $101 million from Bangladesh Bank’s account at the Federal Reserve Bank of New York.
The forthcoming charge sheet will include the full report prepared by the Federal Bureau of Investigation (FBI), which contains concrete evidence of foreign involvement. A formal request has already been made to the FBI to share the report.
The heist, which took place on the night of 4 February 2016, remains one of the largest cyber robberies in history. Taking advantage of a weekend banking holiday in Bangladesh and the United States, hackers attempted to steal nearly $1 billion from the central bank’s account at the New York Fed. They succeeded in transferring $101 million.
Of the stolen funds, $81 million was laundered through the Philippines’ casino industry under its banking secrecy laws, while $20 million was sent to Sri Lanka. The Sri Lankan funds were later recovered, but most of the money laundered through Manila remains unrecovered. So far, Bangladesh has managed to recover only about $18 million.
The CID investigation has spanned nearly nine years, involving testimonies from over a hundred witnesses, technical forensics including IP addresses, network logs, banking transaction trails and analysis of the Dridex malware code. Investigators say these efforts have finally identified the individuals behind the cyberattack.
International agencies including the FBI, the Philippines’ National Bureau of Investigation (NBI), and the Central Bank of Sri Lanka have worked with Bangladesh on the probe. The United Nations was also briefed on the methods and money flows involved in the crime.
The case was first filed on 15 March 2016, 39 days after the heist, by Zubair Bin Huda, then Deputy Director of Bangladesh Bank’s Accounts and Budget Department, under the Money Laundering Prevention Act and the ICT Act.
CID officials said the charge sheet is being drafted in a way that ensures the culprits face justice not only in Bangladesh but also at the international level. They expressed hope that the submission of the charge sheet will finally unravel the mystery behind one of the world’s most infamous cyber heists, setting an important precedent for the country’s financial sector.