When Hagoda Gamage Shalika Perera, a small Sri Lankan businesswoman, got a deposit of $20m in her account last month, she said the funds were expected but had no idea they were stolen from Bangladesh's central bank in one of the largest cyber heists in history.
Unknown hackers breached Bangladesh Bank's systems between February 4 and February 5 and tried to steal nearly $1bn from its account at the Federal Reserve Bank of New York.
Many of the payments were blocked. But $20m made its way to Perera’s Shalika Foundation before the transfer was reversed. Bangladesh central bank officers said they acted after a routing bank, Deutsche Bank, sought clarification on the transfer because hackers misspelled the company’s name as “Fundation.”
Another $81m was routed to accounts in the Philippines, and diverted to casinos there, where the trail runs out.
The Philippines Senate is holding hearings in the case, but until now, few details had emerged on the Sri Lanka link.
In her first public comments on the case, Perera, a struggling businesswoman who heads Shalika, said she expected $20m to come from the Japan International Cooperation Agency (Jica) to help fund a power plant and other projects in Sri Lanka. She said she had no direct dealing with Jica, but the deal was arranged by an acquaintance who she met in Sri Lanka but had connections in Japan.
Shalika was set up in October 2014 and says in its registration documents that it constructs low-cost houses and provides other social services.
Jica, a Japanese government agency that provides official development assistance, said it has no ties with Shalika Foundation, including through any intermediaries.
“We have had no exchange with them, and that includes such areas as loans and grants,” Jica spokesman Naoyuki Nemoto said.
The Sri Lankan police’s criminal investigation division declined to comment because probe is ongoing.
‘Genuine people’
“We are very genuine people. We are not doing any illegal things,” said Perera, 36, in an interview in Colombo, the Sri Lankan capital.
Perera said she now thinks the acquaintance was either a victim of the hackers or in league with them, and she was hoodwinked into becoming a part of their scheme.
She showed a copy of an inward remittance advisory from the SWIFT bank messaging system to put the $20m in her company’s account. The remitting entity was shown as a Bangladesh government electricity agency that had taken a loan from Jica in 2010 to fund an electricity project.
The head of the Bangladesh Rural Electrification Board, Brigadier General Moin Uddin, said it was “ridiculous” to think that the money could have come from them.
Police have questioned Perera’s acquaintance, according to an investigation report filed in the Colombo Magistrate’s Court on Thursday. The man told authorities that a Japanese middleman had helped arrange the funding, according to the report.
The report provided the names of Perera’s acquaintance and the Japanese middleman. Reached by phone, the middleman said he was travelling and unable to provide immediate comment.
The court has ordered a travel ban on Perera, her husband, the acquaintance and four other people listed as directors of her company.
Perera maintains she is innocent and describes the government’s move as “an injustice”.
In early February, Perera said her acquaintance, who had been helping her for more than a year to meet investors, told her to expect $20m from JICA. Under their agreement, the payment would be split, between her power plant project and a housing project controlled by her acquaintance, she said.
