When you think of the word ‘heist’, masked figures armed with weapons and terrified staff behind glass counters usually come to mind. But in a world where technology is advancing quicker than ever, it is now possible to carry out a complex cyber robbery of money and crypto-currency from the comfort of your own home.
To celebrate this week’s release of Billion Dollar Heist on digital download, we’re counting down some of the biggest cyber heists to date, and how hackers managed to commit robbery from the World’s biggest companies and federations without being caught.
COINCHECK CRYPTO HEIST
Coincheck was a fast-growing Japanese crypto-currency app that allowed users to easily buy and sell currencies, including Bitcoin and Nem.
When the app suddenly terminated all transactions and exchanges in January 2018, users began to suspect that there had been a breach in security, but the owners released a statement reassuring users that they had not detected any suspicious activity.
Only hours later, the President and COO of Coincheck called a press conference to announce that 500 million Nem, valued at $1 each, had been stolen from users and moved into accounts separate from Coincheck’s exchange.
With a total of $500 million worth of Nem stolen, Coincheck admitted that the multi-factor authentication system promised as part of the exchange’s safety features was not used, which allowed the hackers to infiltrate the hot wallet where crypto-currency was held.
Although the perpetrators of the Coincheck Crypto Heist were not confirmed, reports concluded that the infamous North Korean government hacker group, nicknamed ‘The Lazarus Group’, were behind the heist.
THE POLY NETWORK HEIST
The Poly Network Heist is the most recent cyber-heist on our list, with the robbery occurring in August 2021.
A single hacker was able to intercept the Poly Network, a system created specifically for crypto-currency to emulate transactions such as loans or exchanges without a mediator. Each deal was coded to communicate with the Poly Network about the nature and the sum of every transaction. The hacker created their own code and inputted it into the Poly Network, and was able to successfully get it to authorise $600 million worth of crypto-currency to be sent into their account.
Shortly after the attack was discovered by the Poly Network, with users resigned to the fact that their crypto-currency had been lost forever, $260 million was deposited back into the Poly Network anonymously. Within 48 hours of the attack, the full amount of stolen crypto-currency had been returned to their rightful owners.
The Poly Network offered the hacker $500,000 and a position to lead their security team in return for highlighting such a major issue within the network, but no money or job offer has yet been claimed.
CARBANAK
In 2014, Kaspersky Lab, a Russian cybersecurity company, discovered a highly effective operation used by cyber criminals to rob banks across the World.
The first part of the robbery used phishing emails targeting bank employees to install ‘’Carbanak’, a type of software used to infiltrate bank’s transaction systems and give authorization to transfer funds out of accounts.
Once Carbanak had control of the institution’s transactions, hackers were then able to overtake the operation of ATM’s to dispense the money, co-ordinating with ‘cashers’, people enlisted by the hacking group to pick up the money just as the ATM machine emptied.
These ‘cash rings’ did not target individual accounts, but rather institutions themselves, allowing Carbanak to bypass the security systems banks used to track fraudulent activity. The operation went undetected for almost two years, with Kaspersky reporting that around $900 million was taken from banks in various countries, including the USA, China, and Russia.
Although a few individuals have been arrested and charged for their involvement in the Carbanak heists, the orchestrators of these operations have still not been caught.
BANGLADESHI CENTRAL BANK HEIST
In February 2016, officials from the Central Bank of Bangladesh had just fixed a broken printer that listed every transaction made via the bank overnight. When the printed transfers began to appear, they were horrified to discover that huge amounts of money had been transferred out of the institution’s accounts from the previous day.
It was found that hackers had been able to infiltrate the SWIFT security system, a high security programme used by banks around the World to verify high value transfers between institutions. From there, they were able to approve transfers from the bank’s own funds into various accounts set up nearly a year prior.
The original sum of transfers falsely approved through the Bangladeshi Bank was just shy of $1 billion, but due to some mistakes the hackers made in coding, only $81 million was able to be successfully withdrawn, laundered through gambling, and cashed out. Once again, the culprits were identified as the infamous ‘Lazarus Group’, and although the FBI have warrants issued for multiple members, no arrests have been made.
If all the transactions were successful, the Bangladeshi Central Bank Theft would have become the biggest cyber heist to date.
Billion Dollar Heist is available to download on digital platforms now.
