Bangladesh has made little headway in five and a half years in recovering $66 million stolen

from the Bangladesh Bank’s New York Fed account in the world’s largest cyber heist in
February 2016.
The hackers managed to transfer $81 million and the money vanished on the casino market in the
Philippines amid the negligence of Rizal Commercial Banking Corporation officials concerned,
according to documents of the case filed by the BB.
Apart from the $81 million which was transferred, another $20 million was released by the US
Fed to a Sri Lankan bank account but the fund was returned due to a spelling error.
Bangladesh has so far managed to get back around $15 million following a Philippines court
order while $66 million is yet to be recovered.
Apart from filing cases with US courts, the BB, keeping the issue under the carpet for more than
a month after the incident, filed a case with the police in March 2016 and the case was later
transferred to the Criminal Investigation Department for investigation. The CID has yet to submit
its investigation report to the court even after receiving time extensions for around 50 times till
now.
On the other hand, a high-powered committee headed by former BB governor Mohammad
Farashuddin was formed to investigate the cyber hacking on March 15 in 2016, 40 days after the
incident took place.
The committee submitted its report to the then finance minister, AMA Muhith, within two and a
half months of its formation.
After more than five years of the report submission, the government has yet to disclose anything
about the committee’s findings and no one was brought to book over the biggest ever cyber
hacking based on the investigation report.
The country’s initial attempts in recovering the stolen reserve money through filing a case with
the United States District Court have not yielded any result.
After the first case was filed in 2019 almost three years after the incident, Bangladesh’s financial
intelligence unit, also known as the BFIU, filed a second case with New York State Court against
17 Philippine entities, including Rizal Commercial Banking Corporation and Bloomberry
Resorts and Hotels Inc, a subsidiary of Bloomberry Resorts Corporation.
Electronic money transfer ended up in Philippines, where it was laundered and transformed to a
cash using casinos. In the Philippines, two Chinese man were held accountable for opening fake
accounts, but they were just middlemen. Still, they were crucial part of further investigation. The
authorities believed that middlemen could lead them to the true culprits, but they fled to Macao
where it was impossible to track them.
Bangladesh’s central bank will send a team of officials to the Philippines on
Tuesday to push for the recovery of more of the $81 million stolen from its account
at the New York Federal Reserve last year and routed through a bank in Manila. The
$15 million that Bangladesh has been able to recover is part of $35 million that
Manila casino boss Kim Wong had told a Philippines Senate inquiry he received
from two Chinese gamblers without knowing it was stolen.
Of the $101 million stolen in the heist, $20 million was recovered from a Sri Lankan
bank, while the remaining $81 million, which landed at RCBC, has yet to be retrieved.

The New York Fed is providing technical assistance to Bangladesh Bank as part of a resolution
and assistance agreement.

"This agreement demonstrates that the New York Fed and Bangladesh Bank are aligned in the
pursuit of recovering the funds and directing litigation against those who were complicit in or
benefited from the fraud," the organizations say in a joint statement. The agreement includes the
Fed committing to "meeting jointly with the relevant agencies or parties in the Philippines to
strongly encourage them to assist in the recovery of stolen funds."

Five years have passed since the central bank's reserve heist but the government's ongoing legal
battle in the US court to recover $66.54 million has not made much progress.

Only $14.61 million out of the $81 million stolen money have been retrieved as yet.

Moreover, the Criminal Investigation Department (CID) has not yet even completed its
investigation into the case filed by the Bangladesh Bank with the Motijheel Police Station
following the reserve theft.

On 4 February 2016, hackers stole $101 million from the Bangladesh Bank's accounts with the
Federal Reserve Bank of New York.

Of the amount, $81 million was transferred to four accounts with the Rizal Commercial Banking
Corporation (RCBC) in Manila and another $20 million to a bank in Sri Lanka.

However, the transfer of $20 million to Sri Lanka failed because of a spelling error by the
hackers. The Bangladesh Bank got back that amount from Sri Lanka.

Later, the Bangladeshi central bank was able to retrieve about $15 million from the amount the
Philippines realised in a fine from the RCBC for its negligence in duty. About $66 million could
not be recovered yet.

The recent report published by the central bank on its measures to recover the remaining $66.54
million says on the process of recovering the heisted money, a "Resolution and Assistance
Agreement" was signed between the Bangladesh Bank and the Federal Reserve Bank of New
York on 29 January 2019.

The Bangladesh Bank filed a lawsuit against seven persons, 20 institutions and 25 anonymous
persons and institutions at the District Court for the Southern District of New York on 31
January 2019, it added.

On 20 March 2020, the court dismissed the case and suggested filing a case in another court.

On 27 May last year, the central bank filed a fresh case with the New York County Supreme
Court against the RCBC and its associates. Eight months have passed since the case was filed,
but it has hardly made any progress.
Bangladesh Bank has filed suit in New York federal court in an attempt to recover $81 million
stolen via one of the biggest online bank heists in history. The New York Federal Reserve is
supporting the lawsuit, including providing technical assistance. But the Philippine bank the
lawsuit targets has dismissed the case as a "political stunt" designed to shift blame.

Bangladesh Bank’s attempts at retrieval

Even prior to the BBC investigation, by 2019, investigating agencies had confirmed that the
money was removed from the Manila banks, after which it disappeared into the casino industry
in the Philippines. The report delves into the complex process of money laundering that was used
by the hackers to break the chain of traceability, for which the destination was Manila’s casinos.
“The idea of using casinos was to break the chain of traceability. Once the stolen money had
been converted into casino chips, gambled over the tables, and changed back into cash, it would
be almost impossible for investigators to trace it,” the report says.
Bangladesh Bank had realised hours after the money was stolen that the massive heist had
happened and began taking steps to retrieve it, a process that was going to be very challenging.
They managed to trace the money to Manila’s casinos and managed to recover $16 million from
one man, the BBC report says. But the remaining $34 million was still disappearing quickly.
Investigators found that much of the remaining money was sent to Macau, another gambling
hotspot, from where it was transferred to North Korea. Investigators found that most of the
hackers involved in the cyber heist and other similar actions that the US regards as cyber crimes,
were based in Chinese border towns near the China-North Korea border.
In 2019, Bangladesh filed a lawsuit in a US court against the Rizal Commercial Banking Corp
(RCBC) over the Philippines bank’s alleged role in the biggest cyber-heist. The RCBC counter-
filed a lawsuit against Bangladesh Bank claiming that its reputation had come under a sustained
“vicious and public attack” by the bank and is seeking at least $1.9 million in damages. The New
York Federal Reserve pledged to help Bangladesh with retrieval of the money but that process is
ongoing with little progress.