Investigators examining the notorious $101 million cyber heist on the Bangladesh Bank said Tuesday that the case is not closed, despite the conviction last week of the only person so far indicted.

Bangladesh bank heist

Maia Deguito was sentenced last week for her role in the heist, while charges against eight RCBC employees are pending, but who were to the main perpetrators of the theft? (Image: Mark R. Cristino/EPA)

On January 10, Maia Deguito, a former manager at Rizal Commercial Banking Corp’s (RCBC) Jupiter Street branch in Manila, was convicted on eight counts of money laundering and sentenced to four to seven years in prison by a court in the Philippines.

She was fined $109 million for her role in the theft, which involved her diverting around $81 million into the Philippine casino system where most of it quickly disappeared.

How the Heist Went Down

On February 5, 2016, hackers targeted the New York Federal Reserve Bank with 35 requests for transfers totaling almost $1 billion from an account owned by the Bangladeshi government. Having introduced malware into the Bangladesh Central Bank’s (BCB) servers, the perpetrators were able to pose as Bangladeshi bank officials in order to authorize the transactions at a time when they knew BCB’s offices would be closed.

Five of the 35 transactions, totaling around $101 million, were processed before the Fed Reserve smelled a rat and blocked the remainder. Some $20 million of this money was subsequently traced to Sri Lanka and quickly recovered, while the remainder ended up in four RCBC accounts which had been opened on the same day under fictitious names.

Deguito transferred the money to remittance company Philrem, which changed it into Philippine pesos and wired it back. Philrem executives have been cleared of involvement by investigators.

The DOJ confirmed yesterday that criminal money laundering charges against six other RCBC employees remain pending and that it hoped to issue indictments.

Where are Gao and Ding?

Also cleared earlier in the investigation was the initial main suspect, the Chinese-Filipino casino manager and junket operator Kim Wong, who voluntarily attended a hearing of the Philippine Senate to explain how $21 million of the stolen money ultimately ended up in various accounts he controlled.

Wong said the money had been given to him by two high-rolling casino junket agents Gao Shuhua and Ding Zhize. The pair owed him $10 million in gambling debts, he said, which they paid him, while the rest was converted into chips for VIP gamblers. Wong has since repaid the $15 million, while Gao and Ding have disappeared without a trace.

Philippine authorities believe Gao and Ding cooked up the fake bank accounts with the help of Deguito and washed the money through Philippine casinos.

 A Fortune report of August 2017 suggested the two junket agents had been arrested by Chinese authorities in the aftermath of the heist, but it’s also possible Gao and Ding could be in North Korea.

The US National Security Agency’s deputy director Richard Ledgett thinks so, saying in 2016 he believed there was a “forensic” link from the Bangladesh Bank hack to North Korean agents.

“If that’s true, then that says to me that the North Koreans are robbing banks. That’s a big deal,” he said.