THE BILLION-DOLLAR TYPO
The Billion-Dollar Typo
It's no secret that many governments around the world employ the use of computer hackers to wage silent wars against other countries.
As the world pushes more and more into a Dark Mirror episode, these digital armies have been mobilized.
Some are used to extract wealth from foreign nations, while others are simply "troll farms," where the "hackers" have been replaced by thousands of programmed cell-phones, pumping out lies and misinformation around the clock.
This was made crystal clear recently, when the veil was lifted on some major social media sites, and suddenly the physical location of many "influencers" were revealed to be foreign actors, pretending to be the "voice of the people."
These fake accounts use A.I to create a fabricated person, like the recent revelation of this influencer, who had an entire portion of the country collectively salivating: a massive catfish job perpetrated by a clever man in India.
Usually, the goal of these cyber attacks is money, but often the intent is to sow distrust in financial institutions, and undermine stability.
One of the most famous of these factions is the Lazarus Group.
Operating under the official name the Reconnaissance General Bureau (RGB), this group has actively been disrupting the world economy for decades.
A North Korean sanctioned branch of the military, the RGB is a highly organized, completely loyal to the state, and shrouded in secrecy, this is their country's version of the C.I.A or Mossad.
The group, made up of highly educated computer scientists and engineers, primarily exists to funnel money to the state through cyber attacks.
In the early months of 2016, the Lazarus group set its sights on a most ambitious target: the Federal Reserve Bank of New York.
The attack started with something small: a simple email.
The message contained a resume attached by a hopeful applicant, but in reality was a trojan horse, loaded with malware.
When the email was opened by a mid-level employee at Bangladesh Bank in Dhaka, it released the virus into the Bank's computer network.
The clerk then moved on to more business, unaware of the Pandora's Box he had just opened.
The software acted as a digital spy for the Lazarus group, feeding them highly sensitive information. The group was patient and bided their time, waiting to see that critical opening they needed.
After a year of this reconnaissance, the hackers had finally identified the ultimate prize: the SWIFT terminal—a gateway used to authorize multi-million dollar transfers.
The group realized if they could control this terminal, they could essentially control the flow of wealth itself.
PERFECT TIMING
But there was one hurdle the hackers had to deal with: a physical printer located in Bangladesh Bank.
This printer was hard-wired to provide a paper trail of every major transaction that passed through the Bank.
If this printer started spitting out huge transaction requests, and then passing employees noticed their own names on these bogus requests, the whole house of cards would come crashing down.
But the determined group had not waited this long to be thwarted by a simple peripheral.
To neutralize the printer, the hackers decided to inject a second virus, this one to cripple the troublesome sentry from spoiling the whole thing.
And the window of opportunity the group was waiting for finally came, and on February 4, 2016, after Bangladesh Bank had shut the doors and the last employee in Dhaka was heading home to begin a long holiday weekend, the Lazarus group took control of the SWIFT terminal.
They immediately issued 35 separate requests totaling nearly $951 million to the Federal Reserve Bank in N.Y, destined for accounts of a bank called RCBC in the Philippines.
The transfers looked legit: they were made with the official logins of the employees and the amounts were large, but not uncommon. What had begun as one of the most basic hacker scams around: a "phishing email", had turned into the heist of the century.
TO ERR IS HUMAN
The first $81 million cleared instantly. The hackers watched the numbers climb as a simple email breach broke the bow of a national bank.
Then, the thirty-sixth request hit the routing filters.
This transfer was requesting on the behalf of the "Shalika Foundation," but was spelled incorrectly as the: "Shalika Fanndation."
As these requests often passed through "middle-men" banks on their routes to Asia, a routing clerk working at
Had the spelling been correct, the clerk never would have questioned it, and the other requests most likely, would have proceeded without incident. It was the grammatical mistake that piqued the clerk's interest.
The employee first contacted the Pan Asian bank in Sri Lanka, who looked at the request and agreed it was indeed suspicious. They then relayed that information to Bangladesh Bank, where the requests had originated, asking if they were absolutely sure they wanted to send 20 million dollars to a "fanndation".
By this time, it was Monday and bank employees were returning to work in Bangladesh Bank, and were shocked when informed these massive requests had been made in their names.
The Fed was contacted and immediately cancelled all pending transactions, and the billion dollar dream of the Lazarus group was squashed.
It was an ironic and pitiful outcome for the group. It was a bonehead mistake that would draw them out of the comfort of the shadows, and out in the national spotlight.
THE AFTERMATH
The fallout from the robbery was cataclysmic for the banking world. Fear and panic was spreading, and this triggered congressional hearings and investigations, including pressure on SWIFT, who maintained that it was user error and incompetence, not their software, that was to blame.
The $81 million was long gone, and could not be clawed back.
It was later uncovered that this cabal moved the money via armored cars and straight to Solaire Resort and Casino, where at the baccarat tables, the stolen wealth was converted into chips and "washed" clean.
Back in New York, the Fed pointed fingers at SWIFT, while SWIFT pointed back at the banks.
Swift finally caved to pressure and offered reforms to their systems, including "Multiple Authenticity" checks and secondary human authorization—often by phone—for unusual high-dollar transfers. It was a grand overhaul, and an inoculation to the Lazarus group, who had unwittingly empowered the very systems they meant to bring down.
Years later, in 2018, the U.S. Department of Justice filed criminal charges against Park Jin Hyok, officially linking the North Korean state to the robbery.
Hyok remains on the FBI's most wanted list, not just for the Bangladesh hack, but also for the Sony pictures hack in 2014, and the "Wannacry" ransom hack in 2017.
But a virus is a hell of a resilient thing, and Lazarus is more dangerous than ever, the group being deemed responsible for 76% of ALL global cryptocurrency theft.
In April 2026, the group was responsible for not one, but two major heists, one for $292 million and another for $285 million.
And whatever embarrassment the group suffered under the Fanndation blunder, has since been recovered, as the group cleared a staggering $1.46 Billion dollars from a cryptowallet by compromising a sign in interface.
Like a machine with a singular purpose, the group seems to show no sign of slowing down. It's just a matter of where, not when, they will strike again.
