A decade after hackers siphoned off US$81 million from Bangladesh’s central bank, Dhaka’s envoy in Manila said the remaining funds laundered through the Philippines could still be recovered, as legal and criminal proceedings continue across multiple jurisdictions.
Bangladesh Ambassador to the Philippines Mohammad Sarwar Mahmood struck an upbeat tone on Monday, citing sustained cooperation with Philippine authorities, particularly the Anti-Money Laundering Council, as efforts continue to resolve one of the world’s most notorious cyber heists.
“I’m not impatient,” Mahmood said on the sidelines of Bangladesh’s national day reception in Manila. “We really appreciate the required cooperation and assistance.”
The February 2016 attack, widely attributed to North Korean-linked hackers, targeted the Bangladesh Bank’s account at the Federal Reserve Bank of New York using fraudulent instructions sent through the SWIFT global payments system. While most of the nearly US$1 billion in attempted transfers were blocked, five transactions succeeded, including US$81 million that was routed to the Philippines.
The funds were deposited into accounts opened under fictitious names at Rizal Commercial Banking Corporation (RCBC) before being converted into pesos and funnelled through local casinos, exploiting regulatory gaps at the time.
Only about US$15 million has been recovered, with the bulk of the funds still unaccounted for nearly 10 years later.
Legal efforts to recover the remaining funds remain active. Bangladesh Bank filed a case in 2020 before the New York Supreme Court seeking compensation and the return of stolen money, alleging that RCBC and other parties were liable for facilitating the transfers. While a U.S. court in 2024 dismissed several claims, it allowed proceedings to continue on key issues, including the recovery of unrecovered funds.
Mahmood said the issue has been raised in recent engagements with Philippine officials, who have pledged continued support. “Concerned authorities of the Philippines are working in this respect,” he said.
The case has also seen parallel developments in Bangladesh, where authorities say investigations are nearing completion. Police have identified dozens of suspects across several countries, including insiders and foreign actors, with a charge sheet expected to be filed soon.
In the Philippines, the scandal triggered sweeping scrutiny of the country’s anti-money laundering regime. Philippine courts have convicted several individuals, including a former RCBC branch manager, over their roles in processing the illicit funds, while the Bangko Sentral ng Pilipinas imposed one of its largest-ever penalties on the bank.
RCBC has consistently denied liability, maintaining it was itself a victim of fraud involving a “rogue employee” and that the breach originated from hackers targeting Bangladesh Bank. The lender has also challenged aspects of the legal proceedings in the United States, arguing against jurisdiction while continuing to defend its position in ongoing litigation.
The heist exposed vulnerabilities not only in Bangladesh Bank’s cybersecurity but also in the global financial system, particularly the reliance on SWIFT messaging and gaps in cross-border regulatory oversight. Investigators later found that malware had infiltrated the central bank’s systems weeks before the attack, allowing hackers to study transaction patterns and execute the transfers at a time when oversight was minimal.
The ambassador spoke during a reception marking Bangladesh’s 55th Independence Day, where he paid tribute to those who fought in the country’s 1971 liberation war and called for deeper ties with the Philippines, including stronger cooperation in finance and governance. Philippine officials at the event highlighted steadily expanding bilateral relations, even as both sides continue to grapple with the long shadow cast by the 2016 cyber heist.
Stay updated—follow Philippines Today on Facebook and Instagram, and subscribe on YouTube for more stories.