Bangladesh Bank Heist: Whistleblower Claims Cover-Up A Decade Later, Placing Insider System in the Crosshairs

A decade has passed since the orchestration of the 2016 Bangladesh Bank reserve theft, one of the world’s most sensational cyber-enabled financial crimes. Ten years after the incident, an explosive interview by a top technology expert involved in the initial investigation has renewed international intrigue. Cyber security specialist Tanvir Hasan Zoha, who served as an external technical adviser to law enforcement agencies, has alleged that crucial evidence was covered up and that he faced immense pressure to steer the investigation toward a predetermined conclusion.

Simultaneously, following a decade-long investigation, Bangladesh’s Criminal Investigation Department (CID) is finalizing preparations to file formal charges in court against 64 local and foreign suspects, including former central bank governor Dr. Atiur Rahman.

In a lengthy broadcast interview with an international news channel this week, Tanvir Hasan Zoha stated that from the very beginning, there was a calculated effort to frame the incident solely as a ‘foreign hacking attack,’ a narrative that heavily contradicted the actual evidence on the ground.

According to Zoha’s account, vital pieces of evidence critical to the investigation mysteriously vanished or were withheld:

* Missing CCTV Footage: Crucial surveillance camera footage from the time of the theft and original system records were never provided to the investigators.

* Premature Server Removal: A core SWIFT server linked to the incident was abruptly removed and sent abroad for examination before local authorities could formally secure it as legal evidence.

* Hasty Transfer of Personnel: Key personnel connected to the system were hastily transferred to other departments before the investigation team could question them.

Zoha claimed that he discovered clear indications that USB devices were connected to highly sensitive systems that were supposed to be completely isolated from external networks or internet access.

‘Such findings do not point toward a purely remote cyberattack launched from afar; rather, they serve as strong indicators of the possibility of insider involvement.’ — Tanvir Hasan Zoha.

The cyber expert alleged that after uncovering clues pointing to an inside job, he faced intense pressure from senior officials to alter his findings and describe the incident solely as an external hacking attack, regardless of the evidence.

Following these events, Zoha’s sudden and controversial disappearance in 2016 drew international headlines and sparked widespread concerns among global human rights organizations. A decade later, Zoha opened up about the details of his detention.

He revealed that he was initially taken into custody by intelligence officials under the pretext that his life was under threat. He was subsequently shuffled between different security agencies and detained for weeks, where he faced repeated interrogations regarding his findings and motives. Zoha noted that senior officials appeared primarily concerned with political accountability at the highest levels of government, specifically questioning him on whether then-governor Dr. Atiur Rahman should be held responsible for the scandal.

Meanwhile, Bangladesh’s Criminal Investigation Department (CID) is finally moving to resolve the long-standing legal deadlock. The agency has finalized the charge sheet against 64 individuals, including former governor Dr. Atiur Rahman and nine other Bangladeshi officials, for their alleged involvement in the $101 million theft. CID sources indicated that the suspects are being placed under close surveillance, and travel bans may be sought to prevent them from leaving the country before the formal charges are submitted.

In 2016, hackers attempted to siphon nearly $1 billion from Bangladesh Bank’s account at the Federal Reserve Bank of New York. While most transfers were blocked, they successfully routed $101 million. Although $20 million sent to Sri Lanka was recovered, $81 million entered the Philippine banking and casino systems and was never fully recovered.

While many of Zoha’s retrospective allegations remain unverified and would require independent corroboration- and the individuals and institutions mentioned have not publicly responded to the specific claims- the interview has successfully reignited global debates on financial security systems.

A decade later, Zoha’s testimony, coupled with the CID’s imminent charge sheet suggests that the Bangladesh Bank heist was not merely a display of international cybercriminal expertise, but rather a symptom of deeper systemic failures in institutional accountability, cybersecurity, and transparency.

##########

The Writer:

Asif Showkat Kallol: Works for a German-based online outlet, The Mirror Asia, as Head of News and is a Contributor at Pressenza- Dhaka Bureau.