During the Bangladesh Bank heist in 2015, hackers failed to steal the targeted USD 931 million as they made minor mistakes, according to FBI investigations.
The hackers could steal only USD 81 million through 5 transactions.
Some 35 messages were sent to the New York Federal Reserve Bank with directives to transfer USD 931 million.
The hackers made a minor error. They sent this money to the Jupiter Road branch of RCBC in Philippines. There were hundreds of banks in Manila which the hackers could have used, but they chose the Jupiter Street branch.
In the address used in one of the directives sent to the Fed, the word 'Jupiter' was used. This is the name of an Iranian vessel against which the US had imposed an embargo. So when this name cropped up, immediately an automatic alert was sent to the Fed. The order was stopped. Most of the transactions were not carried out. Only 5 transactions totalling USD 101 million were carried out.
Also, USD 20 million could not be transferred as planned to a charity in Sri Lanka, Shalika Foundation, due to a mistake in the spelling of 'foundation'. This transaction was held up too. So the hackers finally managed to steal only USD 81 million.
Earlier, as part of the design to steal money from the Bangladesh Bank, an innocuous e-mail was sent in 2015 to several officials of the central bank. It was a job application from a certain Rasel Ahlam, and invited the recipients to download his CV and cover letter from a website. In actuality, Rasel did not exist. He was a cover name used by the Lazarus Group.
This was revealed in a BBC report on the 2015 heist of Bangladesh Bank reserves. It said that the North Korean Lazarus Group has begun planning on the heist from way back. They used the fake e-mail to enter into Bangladesh Bank's network, according to FBI investigations.
FBI investigations found that the e-mail was sent to a number of Bangladesh bank officials and at least one of them stepped into the trap and downloaded the link. The e-mail virus entered his computer. Once it entered the bank system, the Lazarus Group secretly went from computer to computer. It began working on the digital vault to all sorts of reserve information.
Then it went silent. Why were they silent for around a year after entering the system? Actually they needed a safe route to get away with the money.
Then the name of Jupiter Street entered the picture. This is a busy area in Manila, Philippines. The country's largest bank RCBC is located there. A few months after the hackers managed to enter the Bangladesh Bank system in May 2015, they opened four bank accounts in this branch of the bank. They used all sorts of fake documents to open these accounts. Somehow this never caught anyone's notice.