How a simple spelling mistake helped stop a $1bn digital bank heist

E-Paper | June 17, 2026

It was just a few letters off: Someone misspelled “foundation” as “fandation” on an online payment transfer request. But that simple typo helped stop hackers from getting away with a nearly $1 billion digital heist last month, Reuters reports.

Hackers broke into the Bangladeshi central bank’s computer systems, according to anonymous officials at the financial institution cited by Reuters, stealing the credentials needed to authorize payment transfers. The attackers used the stolen information to ask the Federal Reserve Bank of New York to make massive money transfers — nearly three dozen of them — from the Bangladeshi bank’s account with the Fed to accounts at other financial institutions overseas.

Four transfers to accounts in the Philippines, totaling abut $80 million, worked. But then a fifth request, for $20 million to be sent to an apparently fictitious Sri Lankan nonprofit, was flagged as suspicious by a routing bank due to the “fandation” error.

The Bangladesh central bank was able to stop that transaction after the routing bank asked for confirmation. “The Sri Lankan bank did not disburse it immediately, and we could recover the full amount,” the central bank told the Financial Times.

The requests waiting to be processed — amounting to a total of between $850 million and $870 million, according to an unnamed official cited by Reuters — were also halted. So if it weren’t for that typo, the attackers may have escaped with an even bigger payday.

Bangladesh’s finance minister has blamed the incident on the Federal Reserve and said his government will “file a case in the international court against” the financial institution, according to local outlet the Dhaka Tribune.

A New York Fed spokesperson denied the accusation, telling The Washington Post in a statement that “there is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question” or that the institution’s systems were compromised. According to the spokesperson, the payment instructions were “fully authenticated” using standard methods.

“The Fed has been working with the central bank since the incident occurred and will continue to provide assistance as appropriate,” the spokesperson said.

Bloomberg-The Washington Post News Service

Published in Dawn, March 13th, 2016

Our readers are at the heart of everything we do.
Do you have a thought to share or a way we can improve? We’d love to hear it. Reach out to us at feedback@dawn.com.

World

Hackers’ broken English surprises ministry officials

Hacking Team hacked: The Pakistan connection, and India's expansion plan

Pentagon invites hackers to ‘attack’ its websites

N K Ali

Mar 13, 2016 10:10am

That is why proper pronunciation and spelling are very essential to understand what the question and instructions are. Our bankers have to realise the importance of spoken and written English. Salams

Recommend 0

anees from zaida

Mar 13, 2016 10:13am

These hackers need to learn from our politicians - learn how to embezzle, not English.

Recommend 0

Don't ask

Mar 13, 2016 10:23am

So, close!

Recommend 0

A. Khan

Mar 13, 2016 10:29am

Good education is so important. Otherwise invest in spell check software.

Recommend 0

Syed Dilawar M. Shah

Mar 13, 2016 10:41am

Hahaha very well done fandation.

Recommend 0

Farhan Hashwani

Mar 13, 2016 10:49am

100 million is not 1 Billion. infact 1000 million is 1 billion. Farhan Hashwani - from Adelaide Australia

Recommend 0

Arslan Sheikh

Mar 13, 2016 10:51am

Their educational 'fandations' were not so strong. I guess they can now afford good tuition with the stolen money.

Recommend 0

Muhammed

Mar 13, 2016 10:52am

if true - it makes our digital life so scary ? one billion dollar is a whole lot big amount !!!! we all must ensure that we know at least 40% of internet security methods (passowrds, changing them regularly, updating the systems and not to download stuff from internet that is not relevant !!!!!!

Recommend 0

Mar 13, 2016 10:57am

It is a clear message from underworld techies to the governments they can get what they want and besides that they just wanted to show their supremacy which they did with style. 'Fandation' was deliberate not by mistake.

Recommend 0

Skeptic

Mar 13, 2016 11:22am

Nothing more hilarious than a clumsy thief!

Recommend 0

Skeptic

Mar 13, 2016 11:27am

@anees from zaida But those who cannot hack, become Politicians! At least the hacker has some computer skills.

Recommend 0

zak

Mar 13, 2016 11:30am

Could be inside job, how they simply got authorisation data and codes then stole. Something fishy. Must have been destined for swiss banks, where politicians and leaders hide their money.

Recommend 0

SKZ

Mar 13, 2016 11:44am

@zak ..You are right... and most of our politicians are not well educated and one can expect the spelling mistakes from them..

Recommend 0

Sonny Afridi

Mar 13, 2016 11:51am

That would've put a huge dent in their economy. Lucky that the bank notified the BD govt. That's why millions are spent on cyber security

Recommend 0

Philosopher (from Japan)

Mar 13, 2016 11:58am

Don't enjoy what they left should regret what they have earned. Poor internet security.

Recommend 0

Haque Parast

Mar 13, 2016 12:20pm

"Four transfers to accounts in the Philippines, totaling abut $80 million, worked."... abut but not exakt!

Recommend 0

Farhan Kermani

Mar 13, 2016 12:22pm

Its not the spelling mistake that Bangladesh should take a sigh of relief on but think how the same could be prevented in future. Bank heist online could happen again. Put in fool proof measures and sound internal controls.

Recommend 0

Abdulla Hussain

Mar 13, 2016 01:12pm

Just out of curiosity, are such fictitious transfer non recoverable. I am sure the culprits can be apprehended & the amount recovered.

Recommend 0

Shahid

Mar 13, 2016 03:55pm

The person who spelled foundation for fandation should be caught and fined 80m USD and given a jail sentence for such a big spelling mistake.

Recommend 0

Zeezee

Mar 13, 2016 05:07pm

Almost happened with my elder brother here in the UK. He was paying for a property when someone hacked the email. They solicitor received the same mail but the account no. Was different . The solicitor just double checked and found that the account no. was different from the one she thought she had earlier had. The solicitor realised it was a hack into the system and alerted all. Almost £200k would have gone with the wind :p

Recommend 0

Engr.Khan

Mar 13, 2016 06:05pm

Engineers are good at Math and they dont care too much about English....This incident proved that English is as important as Math..:)

Recommend 0

M.Saeed

Mar 13, 2016 09:32pm

There are some genuine mistakes that halt genuine payments. For example, we have genuine spellings of Muhammad, Mohammad and Mohammed, well accepted in the country. Therefore, a person transferring funds to a person with Muhammad in name, might get money held-up under suspense account just because the computer would not accept the different spellings, that people would often write as they are accustomed to write, not noticing the slight difference.

Recommend 0

Ali Dublin

Mar 13, 2016 10:00pm

@Farhan Hashwani ya you didn't read the whole article. Unbelievable, typical, read the whole thing before jumping the guns

Recommend 0

ZAMAN

Mar 13, 2016 10:46pm

A Bangladesjhi data communication engineer experience inSWIFT system suggested that it is unlikely that the transfer had occurred without someone(s) from Bangladesh being physically present in the Bangladesh Bank room where the SWIFT system resides. Chances are that someone around the head person of Bangladesh was involved.

Recommend 0

WAIZ

Mar 13, 2016 10:55pm

@Farhan Hashwani Would you pls also go through the 5th paragrah to understand the one billion dollar heist.

Recommend 0

SMI

Mar 13, 2016 10:58pm

lol how stupid system we have 1. Why there is no verification for such a huge transaction. 2. Why it is difficult to recover such transactions if from and to accounts are known. 3. Why there is no law to request for reverse transaction to receving bank from authorize bank personel for such type of transfer

Recommend 0

ak4pk

Mar 14, 2016 02:32am

But how can such a large sum of money disappear without trace. The money was transferred to a bank account and not on to the back of a truck. There is no reason why the beneficiary account and the account holder cannot be identified. Unless of course the banks are maintaining secretive and untraceable accounts in which case they are aiding and abating crooks. There is no way banks should be allowed to get away with it.

Recommend 0

Naseer

Mar 14, 2016 04:24am

@Farhan Hashwani The attempt was for $1 billion spread over 3 dozen transactions out of which only 4 got thru for $80 million. Read the article again.

Recommend 0

Farhan Hashwani

Mar 14, 2016 12:10pm

@ Nasir - Thanks for correcting me. Farhan Hashwani from Adelaide Australia.

Recommend 0

Maruf Amin

Mar 14, 2016 01:19pm

@Farhan Hashwani they tried to transfer 1billion (1000 million) but failed but they were successfully able to hack 101 Million. Read properly before makkng a comment

Recommend 0

Zak

Mar 15, 2016 01:01pm

I guess in their glee, the person had 'fun' on his mind. Good he did not write ' fundation'.

Recommend 0

Branded Content

K&N's SmartCooking Recipes: Sausage and Bean Soup

A hearty sausage and bean soup brimming with vegetables, herbs and a rich tomato-infused broth.

Why SQD-Mini LED is the display breakthrough we’ve been waiting for?

The display industry is entering a new phase, where reducing trade-offs is as important as pushing performance limits.

The Palms at Silk Gardens introduces a new family address in Karachi

The Palms places families at the heart of its vision, offering thoughtfully planned 2 and 3-bedroom units in a secure, peaceful and community-led environment.