Apart from finding the involvement of at least 20 foreign national, Bangladesh investigators have not got any major lead over the heist of the central bank’s reserve.
On Thursday (Jan 10), a court in Philippines found a former bank manager guilty on eight counts of money laundering, the first conviction in one of the world's largest cyber heists, in which $81 million was stolen from Bangladesh's central bank nearly three years ago.
Maia Deguito, a former branch manager at Manila-based Rizal Commercial Banking Corp (RCBC), has been sentenced to a jail term ranging from 32 to 56 years, with each count carrying four to seven years.
Bangladesh is, however, yet to charge anyone. Investigators say that they are taking time as it is a “complex case involving citizens of several countries.”
On Feb 4, 2016, unidentified hackers, using fraudulent orders on the SWIFT payments system, stole as many as $101 million from the Bangladesh Bank’s account kept at the Federal Reserve Bank of New York in one of the world’s biggest cyber-heists.
Of the stolen money, the central bank managed to recover $20 million transferred to Sri Lanka.
But $81 million was sent to accounts at Manila-based Rizal Commercial Banking Corp (RCBC) and then disappeared into the casino industry in the Philippines.
In March 2016, the Bangladesh Bank started a case under the money laundering laws, which is being investigated by the CID’s Organised Crimes Division,
“We have no new updates for the time being,” CID Special Superintendent Mollah Nazruld Islam told Bangla Tribune.
According to people familiar with the probe, at least 20 people from Philippines, Hong Kong, Macau, China, Sri Lanka, Egypt and Singapore have been identified with cooperation from the US Federal Bureau of Investigation (FBI).
Investigators have written to the law enforces in the concerned countries through the Bangladesh missions, but yet to get any response, said officials.
Sources said that the investigators are yet to find whether any Bangladeshi national was involved in the scam.
About $15 million recovered from a gaming junket operator has been returned to Bangladesh, with a further $2.7 million frozen by the Philippines court.
Bangladesh has been able to retrieve only about $15 million, mostly from a casino junket operator.
Another $17 million has been traced to money remittance company Philrem. The Anti-Money Laundering Council in the Philippines has confiscated the fund and a lawsuit is ongoing.
A further $29 million has been traced to Casino Solaire, now frozen by the Philippines court in a pending case. The remaining $14 million is yet to be traced.
On Sept 6 this year, the US government alleged in a court complaint that a North Korean hacker was behind breaking into the Bangladesh Bank’s system.
Park Jin Hyok worked as part of a team of hackers, also known as the Lazarus Group, to try to breach multiple other US businesses, according to the complaint filed in the US court.
In 2016 and 2017, Park's targets included defence contractor Lockheed Martin Corp. The complaint said there was no evidence Lockheed was breached.
The US Treasury Department has imposed sanctions against Park and the Chinese-based front company he worked for, Chosun Expo.
Park has been charged and sanctioned by the US government in the 2017 global WannaCry ransomware cyberattack and the 2014 cyberassault on Sony Corp, according to US officials.
Bangladesh Bank, finance and law ministry officials are visiting New York this week for talks to try and move forward the recovery process.
The central bank Financial Intelligence Unit’s chief Abu Hena Mohd Razee Hossain, who is now in the US, told Bangla Tribune earlier in the week that they will open discussion with at least two law firms over suing the parties involved, which has to be filed before Feb 3 in line with international laws.