The following cases are intended to serve as historical cases and risk warnings to help everyone understand the operating methods of fraudulent activities, and are not intended to instigate, imitate or provide guidance for committing crimes. The following contents are compiled based on public reports and historical data: ───────────────────────────── 【Case 1: Bangladesh Central Bank SWIFT Fraud Case (2016)】 ■ Overview of the incident In 2016, the Bangladesh Central Bank, through its account at the Federal Reserve Bank of New York, was used by criminals to initiate multiple forged instructions using the SWIFT system in an attempt to illegally transfer more than US$1 billion. In the end, about US$81 million was successfully transferred, but most of the funds were blocked or recovered in subsequent tracking. ■ Fraud process (simplified description) 1. Penetration and breakthrough: Criminals invaded the communication channel between the Bangladesh Central Bank and the international SWIFT system through network attacks or obtaining account-related information. After obtaining the authentication information, they have the "qualification" to initiate legal format instructions. 2. Making forged instructions: Using the obtained permissions, criminals made SWIFT instructions with formats similar to normal operations. These instructions included content to transfer large amounts of funds from the central bank account to designated overseas accounts. The instructions were complete and met the format requirements, and to a certain extent escaped the initial screening of some systems. 3. Fund transfer and transit: The funds were first transferred from the Bangladesh Central Bank account through the Federal Reserve System and then entered the intermediary banking system. Criminals often choose to transfer to multiple decentralized accounts, or quickly disperse funds through money laundering techniques in order to cover the source of funds later. 4. Abnormal discovery and response: Due to the huge amount and the occurrence of abnormal instructions in a short period of time, the relevant institutions were suspicious. After subsequent cross-border cooperation tracking, part of the funds were eventually intercepted; in addition, this incident also exposed the loopholes of some countries in cross-border payment systems and network security protection. ■ Case warning This case highlights the weak links in the trust relationship between systems in the international financial system, as well as the importance of network security, internal control and cross-border collaboration. Financial institutions need to strengthen the system's two-factor authentication, real-time monitoring and abnormal alarm mechanism to prevent the risk of similar unauthorized instructions. ──────────────────────────────── 【Case 2: The collapse of Barings Bank and the Nick Leeson incident (1990s)】 ■ Overview of the incident Barings Bank was once a small investment bank with a long history in the world, but it eventually collapsed due to the high-risk, unauthorized transactions of an employee, Nick Leeson, which caused the bank to suffer huge losses. ■ Fraud process and loopholes 1. Loss of control of internal authority: Nick Leeson served as a dual-task trader and settlement officer within the bank, and the bank's internal monitoring and decentralization mechanism had serious defects. Due to the lack of relevant risk control measures, he was able to open and conceal a so-called "88888 account" in the internal system, which was specifically used to record those loss-making transactions. 2. Concealing losses and falsifying records: In the market fluctuations, Leeson accumulated huge unrealized losses through risky trading behaviors. In order to cover up the losses, he constantly played number games in the internal accounts, making it difficult for management to detect the backlog of risks in a timely manner. 3. Risk outbreak and chain reaction: As the losses accumulated, the transactions got out of control and the amount of losses far exceeded the bank's capital tolerance. When the truth was revealed, the bank could not recover and eventually went bankrupt. ■ Lessons from the case This case reflects not only a single fraud, but also a major loophole in internal governance and risk management. It reminds financial institutions that they must ensure internal separation of duties, improve multi-level supervision mechanisms, and establish independent and professional risk control departments to prevent the operational risks of individual employees from evolving into a systemic crisis for the entire institution. ──────────────────────────────── 【Other related notes】 In addition to the above two cases, there have been other fraud cases related to SWIFT and electronic payment systems around the world in recent years. The basic methods usually include the following links: • Information theft: Obtaining account or authentication information through phishing, Trojans, social engineering and other means. • System vulnerability exploitation: Exploiting loopholes in the bank's internal security mechanism, lax authority settings or lack of multiple verifications. • Rapid transfer of funds: Utilizing the transit bank system between countries around the world to achieve rapid flow of funds to avoid tracking. The cases show that the development of financial technology has brought convenience, but also provided opportunities for criminals. While constantly updating prevention measures, financial institutions and regulatory authorities also need to learn from historical experience and strengthen the whole chain of risk prevention and control and cross-departmental and cross-national collaborative combat mechanisms. ──────────────────────────────── 【Tips】 The above cases are all historical events, and their detailed processes have been publicly disclosed by the media, regulatory agencies and judicial organs. The main purpose of understanding these cases is to prevent risks, strengthen internal control systems and improve safety awareness, and they are never used as imitations or references for any illegal activities. I hope these cases can provide useful inspiration for everyone, and remember the importance of risk prevention and compliance operations.