A lead investigator probing the cyber-heist at the Bangladesh central bank, which saw thieves successfully steal $81m (£56m) from its account at the New York Federal Reserve back in February, has claimed insiders at the financial institution were complicit in the crime.
Mohammad Shah Alam, an expert forensic investigator working for the Bangladesh police, claimed to have evidence showing insider officials had "knowingly created vulnerabilities" in the bank's connection to Swift – the messaging and payments system used by over 10,000 financial firms.
Alam indicated the scheme was an international operation but declined to say how many suspects were involved or reveal their identities.
"Bangladesh bank's Swift network was made insecure by some bank employees in connivance with some foreign people," he said. "They knew what they were doing."
Speaking to Reuters, he said police in the region are now probing if any other banking officials had benefitted financially from the unprecedented hack.
The investigator added that arrests in relation to the case are "very close" but did not elaborate on an exact timescale.
A separate police contact, who also spoke to Reuters on condition of anonymity, claimed that "over 100" employees from the Bangladesh bank had been interviewed about connections to the heist and that some were banned from leaving the country.
The central bank's spokesperson and the New York Fed both declined to comment on the revelations. In previous statements, released after the hack first came to light, Swift maintained its core systems were not compromised by the cybercriminals responsible.
The identities of the hackers remain unknown; however, investigators have been able to follow the money trail to uncover further details about the heist.
Analysis suggests that the pilfered cash was transferred to four accounts at the Rizal Commercial Banking Corporation based in the Philippines and later laundered through a series of under-regulated casinos.
Earlier this month, the bank successfully recovered $15.25m of the hijacked $81m from a casino boss called Kim Wong, owner of the Eastern Hawaii Leisure Company. Wong surrendered the stolen money to the government and claimed he obtained it from two "Chinese high rollers".
An anti-money laundering watchdog in the Philippines recently filed criminal charges against five officials of the Rizal Commercial Banking Corporation, as well as a former treasurer called Raul Tan, for "wilfully" ignoring suspicious activity that led to the heist.
Evidence suggests the cyber-heist orchestrated in Bangladesh was not an isolated incident. Recently, officials from Swift, or the Society for Worldwide Interbank Financial Telecommunication, confirmed a "meaningful" number of other attacks had taken place since February.
"The threat is very persistent, adaptive and sophisticated – and it is here to stay," Swift officials said in a letter seen by Reuters. It added: "We unfortunately continue to see cases in which some of our customers' environments are being compromised."
Back in August, top officials at Swift admitted there had been concerns about cybersecurity vulnerabilities in customer terminals "for years" – issues that were reportedly ignored.
However, the hack itself was only made possible by a series of blunders, including a number of "red flags" allegedly missed by the New York Fed, and the Bangladesh bank itself relying on cheap routers and computer systems lacking adequate firewall protection.