A bank in Nepal is the latest victim in a string of cyber heists targeting the global SWIFT bank messaging system, though most of the stolen funds have been recovered, two officials involved in the investigation confirmed on Tuesday.
Hackers last month made about US$4.4 million in fraudulent transfers from Kathmandu-based NIC Asia Bank to countries including Britain, China, Japan, Singapore and the United States when the bank was closed for annual festival holidays, according to Nepal media reports.
All but $580,000 of the funds were recovered after Nepal asked other nations to block release of the stolen money, Chinta Mani Shivakoti, deputy governor of the Central Nepal Rastra Bank (NRB), told Reuters.
Brussels-based SWIFT said last month that security controls instituted after last year's $81 million theft from Bangladesh's central bank helped thwart some recent hacking attempts, but it warned that cyber criminals continue to target SWIFT customers.
SWIFT or the Society for Worldwide Interbank Financial Telecommunication is a co-operative owned by its user banks. It declined to comment on the NIC Asia Bank hack, saying it does not discuss specific users.
Representatives with NIC Asia Bank, one of dozens of private banks in Nepal, were not available for comment.
The chief of Nepal's Central Investigation Bureau, Pushkar Karki, confirmed to Reuters that his agency was investigating the theft.
KPMG is also involved in the investigation, according to Nepali media reports. KPMG representatives could not immediately be reached for comment.
The central bank intends to release guidelines on how to thwart such incidents after investigations are completed, according to Shivakoti.
"The incident showed there are some weaknesses with the IT department of the bank," Shivakoti said.
SWIFT said in a statement on Tuesday that it offers assistance to banks when it learns of potential fraud cases, then shares relevant information with other clients on an anonymous basis.
"This preserves confidentiality, whilst assisting other SWIFT users to take appropriate measures to protect themselves," it said.
"We have no indication that our network and core messaging services have been compromised," SWIFT added.
(Reporting by Gopal Sharma, additional reporting by Jeremy Wagstaff in Singapore and Jim Finkle in Toronto; Editing by Richard Balmforth and Matthew Lewis)