Update April 28, 2022: Bangko Sentral will SANCTION BDO and Union Bank over December Hacking Incident (Nagoyo Scam)
As per CNN: The BSP said this was the decision after it concluded its investigation of the hacking incident. The BSP has yet to state what or how much the penalty will be.
“This incident is a reminder that we should continue to enhance our defenses against cyberthreat actors to protect the integrity of the financial system and the interests of depositors,” said BSP Governor Benjamin Diokno.
Original Article Follows:
Following reports of hacked BDO Unibank Inc. accounts, Luis Buenaventura II, founder of cryptocurrency exchanger BloomX, country manager of gaming firm Yield Guild Games and a regular BitPinas Contributor, shared his views about the incident through a Facebook post.
According to a report by Manila Bulletin, the hack that happened last week, December 9-11, BDO accounts were hacked by cybercriminals, stealing from P25,000 thousand to P50,000 pesos per account. The money stolen from BDO accounts were transferred to the scammer named “Mark D. Nagoyo” which has multiple UnionBank accounts.
Moreover, the siphoned amount from the victims were believed to be used to buy Bitcoin, the leading cryptocurrency. Following this, a source confirmed to Manila Bulletin that a UnionBank Account, #1094211022533, was used to buy Bitcoin worth P5M pesos from the cryptocurrency market on December 11.
However, Buenaventura implied in his post that neither crypto nor UnionBank should be blamed for this mishap.
“The one place I disagree with the reportage is when Samaniego writes that “Unionbank is the cybercriminals’ favorite bank because it has no limit on its transactions.” I’d argue that the reason cybercriminals choose UB is because the ENTIRE crypto community does, due to its blockchain-friendly policies,” Buenaventura wrote. Samaniego noted Buenaventura’s comment and mentioned about updating the published article on Manila Bulletin.
He noted that there are many legitimate reasons to need higher transaction limits but “implying that UB is a bank for criminals isn’t helpful in this conversation.”
“At best, it’s unnecessarily provocative. At worst, it will compel UB to lower its transaction limits and create bottlenecks for customers with real high-volume use cases,” Buenaventura added.
Further, the crypto community has also shared their thoughts across several comment sections on Facebook regarding the issue. They pointed out that it seems BDO is blaming UB for their poor cyber security.
“It’s BDO’s fault (that) they can be easily hacked. There’s a lot of p2p using UB but (there) wasn’t any of them (that) are hacked,” a crypto enthusiast commented.
Another individual expressed their disappointment regarding UnionBank and cryptocurrency taking the blame, stating that, “ it’s BDO’s fault for having poor security. This isn’t the first time they’ve been hacked, they’ve been hacked even before crypto became popular.”
Others even took the chance to suggest and promote the use of blockchain technology claiming that it’ll be safer than the traditional ways. Essentially, a blockchain is a digital ledger of transactions that is duplicated and distributed across the entire network of computer systems on the blockchain.
On the other hand, in the same article, it was confirmed that when you transfer money, the names are irrelevant to the bank, making the thieves harder to track.
“We found about twenty names and account numbers used by the scammers to receive money from BDO victims. Ellard Chua (one of the victims) said when you transfer money, the names are irrelevant to the bank. What’s important is the correct account number that would receive the transfer. True enough, when we checked, one of the victims’ accounts, transferred money to an account with a name that says GDHDVD HDJDHDH V verifying what Ellard Chua said that account names are irrelevant in money transfer transactions,” Samaniego wrote in Manila Bulletin.
In a statement, BDO acknowledged the “sophisticated fraud technique” and assured their account holders that they have already implemented additional security measures. Furthermore, the bank said it will reimburse their customers’ losses.
“We assure you that we have already implemented additional security controls to block further attempts and continue to protect bank credentials. Most recently, we have required our online banking users to update their passwords,” said BDO.
BDO stated that changing the password improves account security and prevents fraudsters from accessing their clients’ hard-earned money.
“Cybersecurity is a focal point of the banking sector. We at BDO are continuously investing and working towards improving our security infrastructure to protect our clients’ money. While we have put back-end measures in place, we appreciate our clients’ continued vigilance to combat fraud,” BDO added.
This article is published on BitPinas: Crypto Community Reacted to BDO Hacking Incident