A Dhaka court has set July 2 for the CID to submit its probe report on the $101 million Bangladesh Bank reserve heist from 2016, as delays continue to hamper justice in one of the world’s biggest cyber heists.
Nearly a decade after one of the world’s most notorious cyber heists shook Bangladesh and drew global attention, a Dhaka court has once again extended the deadline for the submission of the long-awaited investigation report. On Sunday, Dhaka’s Additional Chief Metropolitan Magistrate Wahiduzzaman set July 2, 2025, as the new date for the Criminal Investigation Department (CID) to submit its probe report in the Bangladesh Bank (BB) reserve heist case.
The court’s decision came after the CID failed to submit the report on the previously scheduled date, adding to a long series of delays that have plagued the investigation since it began in 2016.
A Global Cyber Crime
In February 2016, hackers managed to breach Bangladesh Bank’s systems and accessed its account with the Federal Reserve Bank of New York. The cybercriminals used stolen credentials to initiate fraudulent transfers totaling nearly $1 billion. While most of the transactions were blocked or flagged, $101 million was successfully transferred before detection.
Out of this stolen sum, $81 million was moved into four fictitious accounts at the Rizal Commercial Banking Corporation (RCBC) in the Philippines, while $20 million was directed to a bank in Sri Lanka. However, due to a spelling error in the payee’s name, the Sri Lanka transfer was flagged and stopped.
This spelling mistake, ironically, saved Bangladesh from losing an even larger amount.
Recovery and Investigation
Following the heist, only $15 million of the stolen funds was recovered from the Philippines. The rest of the money has yet to be traced or retrieved, though various legal efforts and international cooperation have continued over the years.
The heist led to serious diplomatic and financial repercussions. It prompted Bangladesh Bank to file a formal case on March 15, 2016, at Motijheel Police Station. The case was lodged by Zobayer Bin Huda, then Deputy Director (Accounts and Budgeting) of Bangladesh Bank.
The incident also drew attention from global law enforcement agencies including the FBI and Interpol, and sparked investigations in multiple countries. In the Philippines, authorities penalized RCBC and imposed a record fine for lapses in anti-money laundering measures.
Prolonged Delays
Despite its significance and international reach, the BB heist case has suffered from continued delays and lack of resolution. The CID has repeatedly failed to file its final probe report, citing various reasons. The latest extension to July 2, 2025, reflects ongoing challenges in gathering sufficient evidence, identifying all culprits, and coordinating with foreign jurisdictions.
Legal experts in Bangladesh have voiced concern that the prolonged delay could reduce the chances of holding those responsible accountable and recovering the remaining stolen funds. Many believe the investigation needs to be concluded swiftly and transparently to restore public confidence in financial security and law enforcement institutions.
A Wake-Up Call for Cybersecurity
The Bangladesh Bank heist served as a wake-up call for central banks and financial institutions worldwide. The breach exposed critical vulnerabilities in SWIFT — the global messaging network used for international transactions — and forced banks to tighten cybersecurity protocols.
Several cybersecurity firms and intelligence agencies have suggested that the attack may have been carried out by highly organized, possibly state-sponsored hackers, including elements linked to North Korea.
What’s Next?
With the new deadline set for July 2, the eyes of the nation — and much of the international financial community — are on Bangladesh’s law enforcement and judicial system. Whether the CID will finally submit a comprehensive report, and whether justice will be served, remains to be seen.
For now, the Bangladesh Bank reserve heist continues to stand as a cautionary tale of what happens when cybercrime, weak internal controls, and international loopholes collide.
