Introduction
The 2016 Bangladesh Bank Heist stands as one of the most notorious cyberattacks, exposing
weaknesses in the global financial system. In February 2016, hackers sought to fraudulently
transfer nearly $1 billion from the Bangladesh Bank’s account at the Federal Reserve Bank of
New York. This case study delves into how cybercriminals took advantage of security flaws
to execute a major financial cybercrime. It analyzes the techniques used, the impact on the
banking industry, and the insights gained to improve cybersecurity in financial institutions.
Background Information
Weaknesses in global banking security were exposed in 2016 when hackers executed a highly
sophisticated cyberattack. By deploying malware and social engineering tactics, they
breached Bangladesh Bank’s system and infiltrated the SWIFT (Society for Worldwide
Interbank Financial Telecommunication) network. With unauthorized access, they issued
fraudulent transfer requests to the Federal Reserve Bank of New York, attempting to redirect
millions to accounts in the Philippines. This incident underscored the evolving threats facing
financial institutions and the urgent need for stronger cybersecurity defenses.
According to the US Federal Bureau of Investigation (2016), This cybercrime was linked to
the attack by the Lazarus Group, a cybercriminal organization believed to be backed by North
Korea. This group has been associated with multiple high-profile cybercrimes, including the
2014 Sony Pictures hack. The attackers planned the heist meticulously over several months,
using malware to monitor banking operations and identify security gaps.
The heist had significant consequences, including financial losses for Bangladesh Bank and
reputational damage for multiple institutions. The Federal Reserve Bank of New York came
under examination for its transaction verification protocols, while weak anti-money
