Hackers broke into the Bangladesh central bank’s account at the Federal Reserve Bank of New York and succeeded in moving $100 million out of it before a spelling mistake tripped up their efforts.

The cyber thieves, using the Bangladesh Bank’s credentials for transferring funds, tried to move another $850 million out of the US account, but one of the transfer requests raised an alarm when the word “foundation” was misspelled as “fandation.” The error was spotted by Deutsche Bank—one of the routing banks—which then asked the Bangladesh Bank for clarification, officials told Reuters. The central bank confirmed the attempted theft on March 13. But it had not immediately informed Bangladesh’s finance ministry when it learned of the breach, prompting finance minister Abul Maal Abdul Muhith to call the handling of the issue “very incompetent.”

The episode already has claimed the job of Atiur Rahman, governor of the Bangladesh Bank, who resigned March 15. He had headed the bank for seven years and was planning to retire in September.

The money the hackers succeeded in moving was reportedly transferred to accounts in Sri Lanka and the Philippines.

The recovery

Authorities in both Bangladesh and the Philippines are on the lookout for the cyber criminals, but it is unclear how much of the stolen money can be recovered.

“Our investigators have been working for about two weeks to recover the stolen funds and we have been able to recover some of it with the help of authorities in Manila,” Muhammad Asaduzzaman, a spokesperson for the Bangladesh Bank, told the Wall Street Journal (paywall) last week.

On March 15, a senator in the Philippines who was investigating the theft said that more than $30 million of the stolen funds were given to a Chinese man in Manila, in cash. Reuters reported that the cash delivery would have meant a transfer of “at least 780,000 banknotes.”

The Anti-Money Laundering Council in the Philippines is in the process of drafting charges against several people suspected of being involved in the theft.

Meanwhile, the New York Fed has said there is still no evidence that its systems were penetrated. It indicated that the transfer requests passed muster with SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, which is the global messaging network used by banking institutions to securely send information about financial transactions. From the New York Fed’s March 9 statement: