Thieves siphoned hundreds of millions of pesos out of Mexican banks, including No. 2 Banorte, by creating phantom orders that wired funds to fake accounts and promptly withdrew the money, two sources close to the government's investigation said.
Hackers sent hundreds of false orders to move amounts ranging from tens of thousands to hundreds of thousands of pesos from banks including Banorte, to fake accounts in other banks, the sources said, and accomplices then emptied the accounts in cash withdrawals in dozens of branch offices.
One source said the thieves made off with more than 300 million pesos ($15.4 million). Daily newspaper El Financiero said about 400 millions pesos had been stolen in the hack, citing an anonymous source.
Lorenza Martinez, head of Banxico's payment system, told Reuters on Friday that five institutions saw "unauthorized transfers," but she stopped short of calling it a cyber attack.
Inter-bank transfers slowed in later April, feeding worries that Latin America's second biggest economy could be the latest victim in a global wave of cyber attacks.
Hackers may have had help inside bank branches, since such big cash withdrawals are uncommon, one source said.
"In terms of the security of the bank's offices, I think that is part of the analysis that each bank is doing," Martinez said.
Martinez said that the central bank's SPEI interbank transfer system was not compromised but that the problem had to do with software developed by institutions or third-party providers to connect to the payment system.
Mexico's SPEI system is a domestic network similar to the SWIFT global messaging system that moves trillions of dollars each day. Hackers have used SWIFT connections to attack banks around the world.
The central bank and banks have said that no clients had been affected so far. Martinez said that the transfers hit accounts of financial institutions in the central bank.
© 2022 Thomson/Reuters. All rights reserved.