Big Cyber Heists in History

You may remember a time when bank heists were hands-on operations. If the criminals didn’t actually walk into a bank and demand the cash at gunpoint, they infiltrated the premises after hours by deactivating the alarm system and/or getting inside help from an employee or security. 

Today, it’s different. Thanks to the Internet, criminals in Europe can empty bank accounts in North America (and vice-versa) without having to leave their computers. Hackers have developed the skills and technology to exploit weaknesses in the security measures used by international banks, and all it takes is a single failure for an institution to lose millions. This blog reviews three big cyber heists.

Banco del Austro

In January 2015, a national U.S. bank received a series of SWIFT messages purportedly  from a secure terminal at Banco del Austro (BDA) in Ecuador, requesting money to be transferred to accounts in Hong Kong and elsewhere. Over the course of a few days, the U.S. bank executed the fraudulent messages totalling approximately $12 million.

Attorney Carlos Nunez of Waserstein & Nunez, PLLC, a STARNet member, was hired to recover the stolen funds. The successful recovery strategy included legal claims against the recipients of the stolen funds as well as others.    

Bangladesh Central Bank

In February 2016, a group of hackers tried to steal $951 million from the Bangladesh Central Bank in Dhaka, making it one of the biggest attempted bank heists of all time. While most of the cash was eventually recovered, the gang still managed to escape with $81 million.

The heist involved using the SWIFT system to deceive the New York branch of the U.S. Federal Reserve into transferring cash into accounts controlled by the criminals. Claiming to be the Bangladesh Central Bank, they sent fake instructions for transferring the funds to accounts in Southeast Asia.


Since late 2013, this gang of cybercriminals, which takes its name from a combination of a hacking program and the word “bank,” has stolen about $1.2 billion from over 100 banks in 40 countries, including the U.S., Germany, the Ukraine, and Russia. According to Europol, this series of thefts is believed to be the biggest digital bank heist in history.

Carbanak used phishing emails to install Windows malware on target computers. After gaining access to banking networks, they stole funds in a variety of ways, including:

  • Instructing ATMs to dispense money without having to actually use the terminal. Accomplices would collect the cash and transfer it into the gang’s accounts over the SWIFT network. One bank lost $7.3 million this way.
  • Altering databases, inflating balances on customer accounts, and siphoning off the difference.

Despite the arrest of the suspected ringleader by Spanish Police in March 2018, the stolen money remains missing and the threat posed by the gang continues.

Respond to a cyber heist immediately!

If your financial institution has been targeted by cybercriminals, you can contact one of the highly-skilled and experienced members of STARNet. We are a global alliance of independent law offices with the resources that can help financial institutions in multiple countries locate, free, and recover assets stolen during a cyberattack. To review our member firms and identify the right professional for your case, please visit our website.

The following two tabs change content below.


STARNet, which is short for Stolen Asset Recovery Network, is a global alliance of independent law firms created to provide financial institutions and governments with multi-disciplinary services across countries and jurisdictions for locating, freezing, and ultimately recovering stolen assets related to cyber heists, fraud or corruption.

Latest posts by STARnet (see all)