The Lazarus Heist: North Korean Hackers Nearly Got Away With a Billion Dollars

A hacker wearing a gray hoodie sits at a computer with his back to the camera, busy at work.

In 2016, a group of real-life hackers from North Korea planned and executed a nearly perfect US$1 billion raid on Bangladesh's national bank. (Image: Peerapong Boriboon via Dreamstime)

The “Lazarus Heist” may sound like the plot of a Hollywood movie, but in 2016, a group of real-life hackers from North Korea calling themselves the “Lazarus Group” planned and executed a nearly perfect US$1 billion raid on Bangladesh’s national bank. The hackers would’ve gotten away with it if it hadn’t been for one little coincidence and a spelling error.

On February 5, 2016, the staff in the Bangladesh Bank detected a printer malfunction that took place on the 10th floor. This was an important step in the “Lazarus Heist.” The function of this piece of equipment was to print out a record of any multi-million dollar transactions into or out of the bank. Bank staff thought it was a typical hardware or software glitch. However, as the printer was rebooted it started printing messages from the New York-based Federal Reserve Bank (the Fed) trying to verify instructions they had received to drain the U.S.-dollar account the Bangladesh Bank had on deposit with them of the entire balance — US$951 million.

Subscribe to our Newsletter!

Receive selected content straight into your inbox.

A printer malfunction set off the Lazarus Heist.
Staff in the Bangladesh Bank detected a printer malfunction that led them to uncover the hackers. (Image: Kuprevich via Dreamstime)

The bank tried to contact the Fed to get things sorted out, but the hack had been timed so as to make this impossible. The hackers had begun on Thursday evening, February 4, at 8 p.m., knowing that Friday was the beginning of the weekend in Bangladesh and therefore the bank would be closed. Meanwhile, it was Thursday morning in New York, and the Fed would have all day to process the transfer. By the time the bank in Bangladesh could potentially find out about the hack, it would be the weekend in New York, and the Federal Reserve would be closed. On top of that, Monday, February 8, was the first day of the Lunar New Year — a holiday across much of Asia — that hackers hoped would further delay any discovery of the attack.

The Lazarus Heist had been well planned for a long time

The North Korean group had been planning the “Lazarus Heist” for a long time. In January 2015, they sent an email to several bank employees from a supposed job-seeker with a link to a website where his résumé and cover letter could be downloaded. Someone inside the bank clicked on the link, downloaded the documents, and got their computer infected with a virus the hackers used to gain access to the bank’s computer system.

Before attempting to transfer any money, the hackers had to plan out their “escape route.” They set up four accounts with a branch of RCBC in the Philippines, one of the country’s largest banks, and deposited US$500 into them. The bank branch was located in a busy part of Manila, on Jupiter Street.

Outside of one of the brances of RCBC Savings Bank Manila, Philippines.
The hackers set up four accounts with a branch of RCBC in the Philippines. (Image: Tupungato via Dreamstime)

The final obstacle was the printer on the 10th floor of the main office of the Bangladesh Bank. Since it was being used to provide a paper backup of all multi-million dollar transactions, the hackers had to gain access to its software and disable it. Once they accomplished this, they began carrying out their plan, initiating a series of 35 transfers to the four accounts they had set up in the Philippines, totaling US$951. And that’s when the “Lazarus Heist” got tripped up by a little coincidence.

The bank in the Philippines was on Jupiter Street. At the time, the U.S. had sanctions against an Iranian shipping vessel named Jupiter, so the mere mention of the word was enough to flag the transactions in the Fed’s computer system. Once they were reviewed, most of the payments were stopped. Only five of them, totaling US$101 million, were successful.

The hackers directed US$20 million to a charity in Sri Lanka called the Shalika Foundation, and this is where the spelling error comes into the story. The transfer was set up to go to the Shalika “Fundation.” A bank employee spotted the mistake and reversed the transaction.

Still, the “Lazarus Heist” managed to net the Lazarus Group US$81 million, a lot less than they hoped for, but a devastating blow for Bangladesh.

Follow us on TwitterFacebook, or Pinterest

Recommended Stories

'Eternal Spring' animation.

‘Eternal Spring’ Movie Receives Rave Reviews

Eternal Spring is a Chinese-language animation documentary directed by Canadian director Jason Loftus and produced ...

A jigsaw puzzle shaped like a brain.

Study Shows Taking Short Breaks May Help to Learn a New Skill

In a study of healthy volunteers, National Institutes of Health (NIH) researchers have mapped out ...

A rise in global temperatures.

Mass Extinction 252 Million Years Ago: Are We Due for Another One?

About 252 million years ago, a rise in global temperatures resulted in a massive mass ...

The Crew Dragon's flight abort test.

SpaceX Successfully Completes Crew Dragon Abort Test

Elon Musk’s SpaceX successfully finished an abort maneuver of its Crew Dragon spacecraft, demonstrating that ...

SpaceX Crew Dragon docking with the Space Station.

SpaceX Crew Dragon Makes History Docking With Int’l Space Station

Elon Musk’s SpaceX made history early this month when its spaceship, the Crew Dragon, successfully ...

The SpaceX Crew Dragon.

Space Exploration: SpaceX Delays Test Launch of Crew Dragon 2

Elon Musk has confirmed that the much-expected Crew Dragon 2 spacecraft test launch that was ...

A candlelight vigil in Hong Kong.

Humanity Vs. Communism: Human Rights Watch Blasts China in Recent Report

Human Rights Watch (HRW) recently published its World Report 2020, with a foreword by Executive ...

quantum entanglement with computers.

We Are on the Way to the Quantum Network

Physicists at LMU, together with colleagues at Saarland University, have successfully demonstrated the transport of ...

Quantum entanglement.

The Exciting World Of Quantum Entanglement

Though many people would have heard about the term quantum mechanics at least in passing, ...

Send this to a friend