Bangladesh Bank SWIFT Heist
February 2016
Executive Summary
Attackers compromised Bangladesh Bank's SWIFT terminal and issued fraudulent transfer requests totaling $951M from its account at the Federal Reserve Bank of New York. Most transactions were blocked, but $81M was successfully routed to accounts in the Philippines. The operation demonstrated that the global interbank messaging system could be exploited for state-linked financial theft.
Why This Matters
The Bangladesh Bank heist revealed that the global financial messaging system's security depended on its weakest endpoint, and that state actors would exploit that gap to fund sanctioned programs.
Escalation Profile
Escalation Ladder
Phases
SWIFT environment compromise
Attackers gained access to Bangladesh Bank's network and SWIFT terminal, studying transfer workflows over several weeks.
Fraudulent SWIFT messages
35 fraudulent transfer requests totaling $951M sent via SWIFT to the NY Fed. Timing exploited the weekend gap between Dhaka and New York.
Partial fund exfiltration
$81M successfully transferred to Philippine bank accounts and laundered through casinos. Remaining $870M blocked by correspondent banks due to anomalies.
Threshold Crossings
- First confirmed state-linked operation targeting the global interbank financial system
- Demonstrated that SWIFT endpoint security was a systemic risk across central banks
Restraint Factors
- A typo in a transfer request triggered manual review, limiting losses
- SWIFT infrastructure itself was not technically compromised — the endpoint was
Attribution Assessment
Threat actor mapped to North Korea based on infrastructure analysis, malware attribution, and operational patterns.
Evidence:
- US DOJ indictment of Park Jin Hyok (Sep 2018, alongside Sony and WannaCry charges)
- SWIFT implemented mandatory Customer Security Programme (CSP) for member institutions
- UN Panel of Experts documented DPRK cyber-enabled theft as sanctions evasion
Sources:
- US DOJ: North Korean Regime-Backed Programmer Charged
- Reuters: How the New York Fed fumbled over the Bangladesh Bank cyber-heist (2016-07-21)
- SWIFT: Customer Security Programme overview
“High Confidence” reflects available public evidence. All assessments carry inherent uncertainty and should be read alongside source material.
Unpeace Position
Coercive Function
Hybrid
Combination of multiple coercive functions — blends intelligence, disruption, and economic pressure.
Observed coercive effects
- First confirmed state-linked operation targeting the global interbank financial system
- Demonstrated that SWIFT endpoint security was a systemic risk across central banks
Entanglement Risk
Impact summary
$81M stolen; $870M in additional transfers blocked; systemic confidence in SWIFT endpoint security shaken.
Infrastructure Meaning
Capability profile
$81M stolen; $870M in additional transfers blocked; systemic confidence in SWIFT endpoint security shaken.
3 ATT&CK techniques mapped — see ATT&CK mapping below.
Governance Analysis
Norms invoked
- Protection of financial infrastructure and the international banking system
- UN sanctions framework: DPRK revenue generation through illicit cyber means
Policy responses
- US DOJ indictment of Park Jin Hyok (Sep 2018, alongside Sony and WannaCry charges)
- SWIFT implemented mandatory Customer Security Programme (CSP) for member institutions
- UN Panel of Experts documented DPRK cyber-enabled theft as sanctions evasion
Regulatory changes
- SWIFT Customer Security Programme with mandatory security controls
- Enhanced central bank cybersecurity standards globally
Governance impact assessment
Forced a fundamental upgrade to global interbank security and established that state-sponsored financial cyber theft could fund weapons programs in violation of UN sanctions.
Sources
Reuters: How the New York Fed fumbled over the Bangladesh Bank cyber-heist
US DOJ: North Korean Regime-Backed Programmer Charged
SWIFT: Customer Security Programme overview
Sources listed reflect publicly available materials used to construct this case entry. Inclusion does not imply endorsement. Where no URL is provided, the source may be found via its title and date.
Related Cases
WannaCry
May 2017 · North Korea
WannaCry exposed how a leaked intelligence exploit can cascade into a global healthcare crisis, sharpening the policy debate on vulnerability disclosure and the duty to protect civilian systems.
Sony Pictures
November – December 2014 · North Korea
Sony Pictures showed that a state can weaponize cyber operations to coerce a private company and suppress speech, raising urgent questions about where corporate cybersecurity meets national security.
Costa Rica / Conti
April – May 2022 · Russia (criminal, not directly state-sponsored per public assessments)
Costa Rica showed that ransomware can effectively disable a nation's fiscal and health systems, forcing the first-ever national emergency declaration over a cyber attack and elevating ransomware to a sovereign-level threat.
Ecuador Data Exposure
September 2019 (disclosed) · Ecuador (domestic negligence)
The Ecuador data exposure demonstrates that state failure to secure contracted civilian data systems can produce population-scale privacy crises, illustrating data sovereignty as a governance challenge distinct from but parallel to offensive cyber threats.