Bangladesh Bank Appeals US Ruling Clearing Bloomberry Over New York Fed Cyber-Heist

Posted on: April 23, 2020, 04:03h. 

Last updated on: April 23, 2020, 04:28h.

Bangladesh Bank has appealed last month’s US federal court ruling that dismissed claims of liability against Philippine casino operator Bloomberry Resorts in 2016’s New York Federal Reserve cyber heist.

Bangladesh Bank Heist
Gao Shuhua (left) and Ding Zhize are “persons of interest” in relation to the Bangladesh Bank heist, which US authorities believe was ultimately masterminded in North Korea. (Image: GMA Philippines/Google.ca)

In January 2019, Bangladesh Bank sued Bloomberry, along with Philippine bank Rizal Commercial Banking Corporation (RCBC), under the anti-racketeering RICO Act as it attempted to recoup the $66 million still missing from the robbery.

But New York Southern District Judge Lorna Schofield said last month the plaintiff had “failed to state a RICO claim or RICO conspiracy claim.”

Bloomberry lawyers have argued the company was not complicit in the heist and was itself a victim of criminals who laundered the cash at its gaming tables.

Billion-Dollar Bank Job

In February 2016, hackers with now-suspected links to the North Korean regime flooded the New York Fed with requests to transfer nearly $1 billion from an account used by the Bangladesh government for international settlements.

The perpetrators had already introduced malware into Bangladesh Bank’s servers, which enabled them to access payment credentials and authorize 35 requests for transfers into accounts based in the Philippines and Sri Lanka.

Five of the 35 transactions — amounting to around $101 million — were processed before someone at the New York Fed became suspicious and blocked subsequent payments.

Some $20 million of the $101 million was traced to Sri Lanka and quickly recovered, while the remainder ended up in four RCBC accounts that had been opened the same day under false names.

This money was then consolidated into one account and transferred by RCBC branch manager Maia Deguito to remittance firm Philweb.

There, it was converted into Philippine pesos and distributed, as instructed by Deguito, into the lightly regulated Philippine casino sector.

C/O Gao and Ding

Philippine authorities believe two high-rolling Chinese junket operators, Gao Shuhua and Ding Zhize, cooked up the fictitious bank accounts with the help of Deguito and received the money before laundering it through casino VIP rooms. Some $29 million was sent to Bloomberry Resorts Solaire, care of Gao and Ding.

Bloomberry says it had “no knowledge that the funds used to purchase gaming chips and played in the gaming floor and in junket rooms in Solaire were stolen.”

Also named in the Bangladesh Bank civil suit is Chinese-Filipino casino manager and junket operator Kim Wong.

Wong was initially the main suspect in the case because $21 million of the stolen money ended up in an account he controlled. But he was later cleared.

He testified before a Philippine legislative hearing that he had been told to expect the money from Gao and Ding. The pair owed him $10 million in gambling debts — a sum not uncommon in the high-stakes junket industry. The remainder was converted into chips for Gao and Ding’s VIP clients.

Wong agreed to repay the bulk of the money — some $15 million. To date, this is all that has been recovered by Bangladesh Bank from the $81 million that was traced to the Philippines.

In January 2019, bank manager Deguito was sentenced to four to seven years in prison and fined over $100 million for her role in moving the money. She is the only person to have been prosecuted for the crime. 

Gao and Ding have disappeared without a trace.