The $1,000,000,000 North Korean Bank Heist

– [Kento Bento] I’m Kento Bento. This video is made possible by Dashlane. Download Dashlane for free if you never wanna lose another password again at the link in the description. Bangladesh, February 7th, 2016. The director of the Bangladesh Central Bank
got off the elevator on the ninth floor and headed to the back office of the
accounts and budgeting department. This was the most restricted
part of the building. He was there to deal with a problem, one that
had been plaguing the office for the last few days. You see, the printer wasn’t working. This was kind of a big deal.
It was causing a real disruption. The automated printer, which was
hooked up to the bank’s software, was supposed to work around the clock 24/7,
printing out the banks transaction reports in real-time. Due to this technical glitch, however,
the printer tray remained empty. Much of the day was spent
trying to fix the issue, and after a great deal of
effort, there was success. They were able to restart the printer. And so, the backlog of transaction reports
started rolling out, one by one. Now, it soon become apparent
that something wasn’t quite right. There were more statements than expected. When they took a closer look, they found 35 suspicious payment orders
for what were ridiculously large sums of money. Having supposedly been transferred from the Bangladesh Bank’s own account to various other accounts
in other countries. Certainly, no one from
their bank had authorized it and the SWIFT security system
in place was unbreachable. As the director sifted through
the suspicious transfer requests, the true scale of the situation started dawning on him. The transfers totalled to
almost one billion US dollars, an absurd amount, a significant
chunk of the nation’s reserves. Where were they going? Who was responsible? Panic ensued as the workers
scrambled to stop the payments. But, it was likely too late. The ill-timed printer malfunction from earlier
had caused an unfortunate delay in their response. It seemed Bangladesh had
just lost a billion dollars. But how? This happened in February 2016, but what led to this moment actually started nine months earlier. Philippines, May, 2015. Over 3000 kilometers away, a group of men
enter the Jupiter Street branch of the RCBC Bank, just outside Manila, and opened four
bank accounts with just $500 inside. The men then left, never to return. With their accounts left
seemingly abandoned. Now, returning to Bangladesh, the country was becoming one of the
fastest growing economies in the world. Their central bank sat in the financial
district of the capital, Dhaka, a chaotic city, with almost 20 million people. But, despite all this rapid growth,
it was a nation that could ill afford to lose one billion dollars of taxpayers’ money. Fast-forward, January 2016,
a month before the incident. An employee at the Bangladesh Bank,
was checking his mail at work. Now, nothing seemed out of the ordinary,
he thought nothing of it, but he went home that night not realizing he had just set in motion events that
would soon shock the nation’s banking system, if not the world. You see, he had inadvertently
clicked on an infected email, one that immediately began
installing a malicious program in the central bank’s computer systems. This malware would allow intruders
to enter the network and gain access to the inner workings of the Bangladesh Bank. Hiding in plain sight, these intruders could now spy on workers and study the bank’s operational procedures. And that’s what they did. It was now just a matter of time. A month later, on a Thursday, as the
bank was shutting down for the weekend, which in Muslim-majority
countries like Bangladesh, tends to be on a Friday and Saturday,
instead of a Saturday and Sunday. The intruders once again
entered the system. But it was for the last time, because
this was what it was all leading to. Now, they were in the system, but manipulating international money transfers was a whole nother thing. SWIFT, you may have heard, is a global payment network enabling financial transactions to be sent in a secure and reliable way, using military grade security designed to be unbreachable. Just to be clear, SWIFT does not
facilitate the transfer of actual funds, but rather it sends the trusted payment
orders between accounts, which the banks then act on. This is the standard in
international banking. And, this is partly why bank hackers
usually focus on stealing the login credentials of individual bank account holders, rather
than focusing on the banks themselves. But, it wasn’t the case
here, not for this group. Their target was the institution. Using the bank’s legitimate SWIFT
credentials that they collected from the malware, they were able to take control of the SWIFT
terminals, as if they were legitimate bank employees. Yes, SWIFT itself is safe and secure, but the banks using them first needed to be responsible
for their individual cyber security, on their end. If their security happened to be lacking,
as in the case with many developing nations, SWIFT could actually be used against them. And, that’s what was happening here. 35 phony transfer requests, totalling
$951 million, was by now being sent via SWIFT to the Federal Reserve Bank of New York. Okay, but why New York? Well, because the Bangladesh
Bank owns an account there with billions of dollars on deposit
meant for international settlements. The details of the requests
sent from Bangladesh were to transfer the funds from New York
to various accounts set up across Asia. I’ll get to that part soon. Now, with that they were done.
In and out in just hours. The next day, Friday, New York City. One of the world’s
biggest financial centres. The Federal Reserve Bank of New York
was busy processing Bangladesh’s payment orders, or supposed payment orders. The Fed, renowned for it’s security,
initially had no cause to stop the transfers, because SWIFT instructions are
legitimate, they’re trusted. So, oblivious to the deception, they
began processing their requests. Sunday morning, the
Bangladesh Bank employees, back from the weekend, were now
trying to fix their darn printer problem. The automated printer connected to the SWIFT
network hadn’t been working the last days. And, the usual printouts of real-time
transfer confirmations were backlogged. Of course, this was the most
unfortunate time for a technical glitch, except it wasn’t really
a technical glitch. The hackers had indeed
taken additional steps in preventing confirmation
messages from revealing their theft. Wiping out evidence
from the SWIFT database, and intentionally crashing
the automated printer. This had bought them
some much needed time. Now, meanwhile, in Sri Lanka, $20 million arrived in a Pan Asia Bank account
of a company called the Shalika Foundation, sent from the Federal
Reserve Bank in New York. This, of course, was just one of
35 transfers making its way to Asia. Right back in Bangladesh, the workers
had now finally got the printer working and they were sorting through
the transfer requests. Panic quickly ensued as they realized 35 payment orders were made, totalling to almost one billion dollars. They immediately tried to send a stop payment
order to the New York Fed, but it was a Sunday and there was no one there to respond. By the time New York staff would return
on the Monday, it would’ve surely been too late. Now, little did they know, they had actually
caught a lucky break, because it turned out the automated system in New York had
flagged 30 of the transactions for manual review. By complete luck, one of the words on the SWIFT order happened to match the name of a shipping company that had been blacklisted for evading
US sanctions against Iran, pure coincidence. This would prove
devastating for the hackers. As $870 million worth of
transfers were now blocked. Later, when staff took a closer look,
they noticed several red flags. The unusually high number
of payment instructions, the large transfers to private
entities rather than banks, and the ridiculously large total. At this point, they had to
seek clarification from Bangladesh. And, after getting word of
their stop payment order, the transfers were shut down. It was over, the gig was up. Or was it? Yes, 30 of the transactions, worth
$870 million, would never be seen by hackers, but there were still
five transactions left. The remaining 101 million, which the
fed’s automated system failed to pick up on, and which was still a heck of a lot
of money, had gotten through. Where did these five end up? The first transfer, Sri Lanka. $20 million, as we know, reached an account
in the Pan Asia Bank via Deutsche Bank, which was the routing bank. Intended for a company called
the Shalika Foundation. This was a supposed Sri Lankan non-profit. Now, an observant employee
at the Pan Asia Bank noticed something odd, $20 million was an unusually large
amount for such a small NGO, not to mention for the
country of Sri Lanka. This employee then sent the transaction
back to Deutsche Bank for verification. So, now Germany, Frankfurt, the payment order,
just like in New York, was being reviewed. And, just like New York,
there were red flags. Such as this one, spelling
foundation as fandation. These suspicions were soon reaffirmed, and ultimately it turned out, no surprise,
that this Shalika Fandation was indeed a fake company. The money was then rerouted back
to the Bangladesh Bank’s New York account. Then there were four, $81 million dollars. But, we won’t drag this out because these
four were all sent not just to the same country, not just to the same bank, but to the same branch. The Jupiter Street branch of the RCBC Bank,
just outside Manila, in the Philippines. Four accounts had laid
dormant for nine months with just $500 inside, untouched. Until a sudden cash
infusion of $81 million. These sudden bursts should’ve
triggered an alert from RCBC but for whatever reason,
it slid under the radar. And, indeed, the accounts were later
found to be under fictitious identities. From there, the money was quickly
withdrawn and laundered through casinos. Where the electronic money transfers
were converted to hard untraceable cash. The Bangladesh Bank did
try to stop the transfers, but timing was just not on their side. The stop order was not
received by RCBC Bank on the expected Monday, because
Monday was Chinese New Year. A non-working holiday in the Philippines. By now you’re probably
noticing a trend here. Every step of the way there were
delays that benefited the hackers. And, this was by design. A remarkably well timed attack. On Thursday evening
they entered the system at the start of the Bangladesh
weekend when the bank is closing. On Friday, the New York Fed tries to clarify
the requests with Bangladesh, but no one’s there. On Sunday, Bangladesh staff
return from the weekend but can’t get through to New York
as it’s now the weekend in the US. On Monday, the Fed finally
gets the orders to stop the transfers, but not the Philippines because it just
so happened to be Chinese New Year there. And, only on Tuesday,
five days after the heist, that RCBC staff find out about
the fraudulent transfers. But, by then it was too late. Now, two Chinese men, Ding
and Gao, were eventually found to be responsible for setting up
the fake RCBC accounts in the Philippines. They turned out to be just middlemen. But, they were still a
crucial part of the operation. And, investigators hoped questioning
them would lead to the true culprits. Unfortunately, before the Bangladesh authorities
were able to apprehend them, they left the country, Boarding flights to Macau, a
special administrative region of China where it was then
impossible to track them. And so, with the remaining four transfers,
the hackers were able to net $81 million. Not quite the original
sum, but still enough, by some metrics, to be considered
the single biggest bank heist in history. Now, despite the attackers best efforts
at removing evidence from the bank’s systems, cybersecurity experts were
still able to analyze the malware. What they found were similarities in the techniques and tools used between the Bangladesh Bank heist and many other cyber attacks on
financial institutions around the world. Which means that, this one particular group had very likely been responsible for a series of global attacks. This group was dubbed Lazarus. But, there was more. As experts dug deeper, combing
through the server logs of recent attacks, they found something even more unexpected. An IP address connecting Lazarus
to a particular nation state. For a brief moment they had
failed to cover their tracks. And the logs had indicated
that the attack servers they used had been accessed at
least once from a North Korean IP address. There was also Korean language found
embedded in the computer code. Now, it is important to note, that it is
possible that North Korea was framed, with the attackers leaving behind purportedly solid evidence in order to mislead investigators. But, according to the majority
of cybersecurity experts, it is almost certain that
North Korea was behind the attacks. And, it wasn’t just attacks
on financial institutions, they were also revealed to be responsible for many cyber terrorism and cyber espionage campaigns against the South Korean government
and various South Korean infrastructures. Then there’s the Sony
Pictures hack of 2014. One of the biggest corporate
breaches in history. Lazarus had taken great exception
to the plot of the film ‘The Interview’, where the North Korean leader, Kim Jong Un,
was targeted for assassination by the CIA. Cinemas across the US were threatened
with terrorist attacks if the film wasn’t pulled. North Korea, of course,
denied any responsibility. But, it seemed fairly obvious that this group
was actively targeting known enemies of the State. Now, as for Lazarus’ banking exploits, like the
Bangladesh incident, the attacks were just the start. They had to ensure the money would
then get to the intended location. And, the way they did that was to have the stolen funds moved through places like Macau, which in particular, is known to be North Korea’s financial
point of contact with the outside world. We know, thanks to the two Chinese middlemen, that
that’s exactly where the Bangladesh funds ended up. And, from there, it wouldn’t have been hard for the money to be wired directly to Pyongyang. Proceeds would then
have likely gone towards advancing their nuclear program, funding the lifestyles of the elite, and propping up their economy. All this, quite possibly representing, a significant percentage of the country’s current GDP. If this is all accurate, and North Korea
is indeed behind these attacks, the international implications would be profound. Especially with the recent developments. As this would be the first known
case of a nation state robbing banks. From there, perhaps, anything is possible. They could hack political campaigns, weapons systems, civilian bank accounts, or even YouTube accounts who have
made content they may find unfavorable. Oh crap. Actually, that’s okay
because I have Dashlane. Dashlane makes keeping track of
all your passwords ridiculously easy. Not only is it gonna prevent North Korea from spying
on you, yeah you, because that’s likely to happen. But it’ll store all your passwords in one super-secure
place, and auto fill them on websites you go to. If you have the same password everywhere, but are too lazy to go to each individual website to change your passwords, well, not a problem. Because you can just click one button
on the Dashlane app, and it does it for you. Dashlane also has a password generator, so you don’t have to spend time thinking
up super strong passwords like this one. By going to,
you can get started for free. And, if you want some
extra special features like syncing your passwords and
login details between all your devices like IOS, Android, Mac, and Windows, you can upgrade for 10% off by using the
promo code KENTOBENTO at checkout.

100 comments on “The $1,000,000,000 North Korean Bank Heist”

  1. Kento Bento says:

    Yet another North Korea video from Kento Bento. Are you guys getting sick of these yet?

    Support Kento Bento on Patreon

    Available Subtitles: English, Indonesian, Spanish, Arabic, Vietnamese, French, Turkish, German, Nepali, Chinese (click 'CC')
    ► Help us with subtitles in your language!

  2. Coronel Kittycannon says:

    Plot Twist: Dashlane is run by North Korea.

  3. Rick Girthquake says:

    Those chicken nuggets look pretty good.

  4. Kian Cortes says:

    All of that, just because of a printer.

  5. Lucky Rabbit says:

    Question is how does NK cultivate hackers of this caliber?

  6. Exp877's Random Stuff says:

    fuck why did we have to open four bank accounts?!

  7. Deeplove Sapkota says:

    I hate North Korea

  8. Deeplove Sapkota says:

    Not to be rude

  9. smol_potato says:

    this comment was made possible by dashlane

  10. Camouflage Burst says:

    I thought it was the hindu,s

  11. Michael Iniguez says:

    Thanks for making the ads at the end, it makes it easy to just click off the video

  12. Lipe King says:

    Is this made up

  13. PotetGutten says:

    Dashlane is a North Korean Company idiot

  14. Nursultan Bekmuratov says:

    stay safe, store all your passwords in one "secure " place

  15. Asiano Casino says:

    This whole video is just another long ad

  16. Tofu_GameZ Z says:

    Kim jong un be like: Hack the banks of foreign countries so i could countinue stuffing my face with food while my citizens starve to death.

  17. anny kurniawati says:

    That was lucky

  18. Yeetus the fetus says:

    How can you do everything right,but then lose 20 million because you couldn’t pass a 4th grade spelling test?

  19. redwan chowdhury says:

    Wait…….you talked about Bangladesh. …..
    I live in Bangladesh. ……

    Wow…..finally someone mentioned Bangladesh

    In a bad……way….
    And you pronounced Bangladesh wrong

  20. Roy Gabriel says:

    If you are reading this you are in luck because a lot of people are in debt. According to the federal reserve in 2017 America was owing an estimate of $1 trillion in credit card debt aside from school loan, home mortgages an average American as an estimate of $22,000 in debt from credit card spending alone. If you are in debt you should be afraid because the standard of living would continue to increase and this increase would increase your debt because to survive you would need more loans. This is a problem that gave birth to the structure created by a group of anon hackers who are ready to help you with funds and in return you would enrich the society. The beautiful part of this is it as a long existing lifespan meaning you would be earning daily from this. I made $330,000 this year alone. I have been working with them for two years now and i decided to help anyone out there that might be needing this. If you are interested contact them via this mail:
    [email protected] Note: let them know i referred you.

  21. Octava Variety Hour says:

    Kento Bento:They hacked Swift most trustable program for bancks used on earth.
    Also Kento Bento:but it's ok coz they will not hack u coz of dashlane,an mediocre safety app(I mean it worse than swift probably)

  22. Manu maker08 says:

    I feel like this should have the tf2 spy theme playing in the backround

  23. MultiYuniversal says:


    i'm sorry for the bad pun

  24. God Fist says:

    even tho north korea is poor in resources. they make money this way ,aren't they a little smart ? wee

  25. Sam Deacon says:

    skip to 13:36 for the dashlane add, I know thats what you all came here for

  26. BradW CSGO says:

    I love your channel, so interestingly educational!

  27. Faust Kreig says:

    Asian boy

  28. Skim. ButterMilk.459 says:

    This is like those Yugi oh episodes where they keep placing cards and explaining shit and you sit there confused

  29. Sanjay Madhavan says:

    I highly doubt a teddy bear drinking milk with pacifier would cause such a mayhem

  30. Gtx 1080 Ti says:

    Involuntary globalist socialism

  31. milkshake gacha ùwú says:

    this is why you shouldn't spell foundation wrong.

  32. HX3 EN/FR says:

    Money money money

  33. Easy Technology says:

    I`m a Bangladeshi but

    I know nothing about this

  34. Honorable_Aj says:

    Who else clicked on this video because they thought that a North Korean bank was robbed

  35. Kohlton Miller says:

    All of that and they couldn't pull up Google Translate real quick…

  36. Tyler Wilburn says:

    If Only They have grammarly problems would be solved

  37. Shaikh Jasem says:

    What if Dashlane is controlled by North Korean Lol

  38. Raddulm says:

    You have the smoothest transitions to your sponsorships. Damn smooth like a hot knife slicing butter.

  39. Ajay Ashwin says:

    What if they hack dashlane?

  40. Minion Eyes says:

    Wtf i am from bangladesh

  41. Jack Evans says:

    This is the best advert I have EVER seen for a VPN

  42. FunGamerBoy Hi says:

    Wait, i can send a virus email to a bank and make hundreds of millions?

  43. The Final Boss says:

    Damn, all of New York in one folder.

  44. Aidey8 mph says:

    I love the way you say "for"

  45. S.ツ says:

    ᕦʕ •ᴥ•ʔᕤ (◠ᴥ◕ʋ)

  46. Ming Fung says:

    Only north korean hackers can be bad enough to be spotted by the "security specialist"

  47. MT says:

    I'm getting a movie vibe

  48. Mani Shaw says:

    Technically 1 mail = 1billion dollars 🤔

  49. Titus Standing says:

    I love your art style

  50. gokul balagopal says:

    Most of the people in the comment section didn't know that the misspelling of foundation was done deliberately,they were just trying to mimick the original foundation

  51. Dathan Fc says:

    I celebrate Chinese New Year

  52. GreenSphinx says:

    My dad is from Bangladesh and most of my family is in/from Bangladesh

  53. jayceon Raeshetia says:

    This guy is a genius heaven-made hacker, he has done wonders and he is the true magic finger!! He does almost everything in the definition of hack, from Bank loads, to credit cards top up and bill pays, ACH, WIRE TRANSFER, MoneyGram, WesternUnion transfer,PayPal, BITCOIN MULTIPLYING, zellepay and any cash apps, he hacks Facebook,Twitter,Snapchat,whatsapp,and any phone connected to the internet, he is a certified hacker from Russia, I recommend him for your hack services believe me you’d thank me CONTACT:[email protected]
    whatsapp +1 (619) 720 0748 …….

  54. Zirui LIU says:

    I'm guessing this is another 15 minute ad for Dashlane…

  55. Noahser says:

    12:42 big north korea

  56. Meta Grave says:

    I might just be stupid, but why wouldn't they just try to take as much as possible? Why did they set up the flags on purpose?

  57. Absolute Longplay says:

    love your animations Bento

  58. derpzone says:

    The first thing I noticed is that you can spell Dashlane with Bangladesh.

  59. dont know says:

    Sino dito pilipinooo

  60. 1,000 SubscribersWithNoVideos says:

    Next Video: The 1,000,000 Africa Heist

  61. Da Cash Dude Burrr says:

    This story is worth a leonardo dicaprio movie

  62. Golden Movies says:

    Who wants to create a hacking group with me?

  63. Maksymilian Tym says:

    If u want a super strong password just smack ur keyboard lol. Like that:
    [email protected]#[email protected]#YH#$GGFJW$kmgj09032uj409gkdf

  64. Lawrence Tan Wei Hong says:

    This is by far, the smoothest transition from main content to an ad.
    Outstanding move!!!

  65. Amitava Kanjilal says:

    Taking money of Bangladesh to improve infrastructure!!

  66. Orange Rightgold says:

    Dude it looks like they aimed for the 81 million. The rest was just red herrings.

  67. Dick Head says:

    When your country is so poor that it makes most of its GDP by stealing

  68. Muslim Abdulla says:

    Seems so continued rolling work , and advanced planning because of the dates and short time gaps! Also i guess some other things about it are waiting be uncovered.

  69. BY the ninja says:

    dash lane is great and all ,buthow do I know that dash lane ain't looking at my passwords

  70. jayceon Raeshetia says:

    All thanks 🙏 to Andrusha adrik. I just received another payment which we shared 70-30

  71. Sebastian Lim says:

    Kids please note that English is very important, especially when YOU ARE TRYING TO ROB A NATION RESERVES!!!!

  72. Nick595y says:

    You just said swift was unbreachable

  73. MysTic_Aiden says:

    Dam so much money lost 1billion to 81mil

  74. JXN MEMES says:

    what if dashlane got hacked??!!

  75. Alexandru Tănase says:

    North Korea : Hackerman

  76. Sai says:

    Sunbro Casino

  77. kazuki nakamura says:

    1 billion Bangladesh Taka? That’s not worth much.

  78. Benon Ma says:

    very well planned.

  79. Or Gat says:

    One of the longest ads I have ever seen

  80. Ali Safeer Hyder says:

    How watch dogs 2 was supposed be like but even Ubisoft was like nah fandation is perfect……

    And so are our glitches

  81. Yixian Li says:

    What if Dashlane is made by North Korea?

  82. The Buriers Faction says:

    The Dashlane ad was once like an RKO outta nowhere, but now I kinda look forward to how you will transition to them.

  83. The Dank USSR Hunter says:

    how kento bento post about north korea a lot

  84. RareLi says:

    Bobo sayang yung pera, all for the reason of not knowing how to spell 'foundation'

  85. Crystal Heart says:

    this where where the bangladesh government was all over the news here in phils…

  86. Jeapie says:

    $20.000.000 spelling bee mistake

  87. Elite Geo says:

    We are very sorry that this happened even though i am from cebu i do feel guilty

  88. Shula Wamushe says:

    Wow! I enjoy the way u put up your video. Keep it up

  89. Owen Simonsen says:

    Was I the only one secretly cheering for North Korea?

  90. Erick Hernandez says:

    Am i the only one rooting for the hackers to steal 1billion regardless of who they were. Fucking balls of steel to pull it off. Puts every bank robbery in history to shame. 1 billion. Can you even fathom pulling that of. Wow.

  91. KimKevin says:

    So I was a North Korean @12:43

  92. Saradhi Mamillapalli says:

    13:38 When you realise you just watched a 13 minute ad

  93. The Cent Lord says:

    951 million was planned to be stolen, 870 million was retrieved. How does that make the total 101 million?

  94. vid edits says:

    North Korea is overrated

  95. Hiro Higuchi says:

    That advertising transition was smooth as hell

  96. anthony akoijam says:

    Most intriguing video ever on this channel

  97. Jake F says:

    Literally any second in this video would be perfect for a VPN sponsor. "but hey, non of this would've happened if they just used Nord VPN!"

  98. Narez 11 says:

    Muslims : terrorists and idiots who cant defend their banks .
    Iran : a world peace threat.
    Russia : gangs country, and spy exerpets that targets only USA.
    USA : the saviors who invaded a lot of countries and stole a lot of oil from 3rd world them , the real world threat who's being owed billions of money to asian countries and spend each year a net of 589billions USD on military and have military bases all across the world … USA is surely not behind this clearly NorthKorea couldnt just use chinese IP or South Korea IP … why wouldnt they use their own IP … so clever to do all this but fail to use the nearby network 🙂

  99. Mozzer Magic says:

    Wait I thought this was the story of the 4 guys

  100. Logic Board says:


Leave a Reply

Your email address will not be published. Required fields are marked *