Programmer manages to steal a whopping $XNUMX million from an ATM after finding and exploiting a ridiculous loophole program of ATMs.
Sounds like something out of a movie. A disgruntled bank planner discovers the perfect plan to make an ATM withdraw money without charging it to anyone.
But this story is true. The South China Morning Post and Daily Economic News of China report that Qin Qisheng, 43, managed to withdraw over 7 million yuan (over US$1 million) from an ATM operated by his employer bank, Huaxia Bank, by exploiting a loophole.
According to reports, the system of the bank does not correctly record withdrawals made around midnight, resulting in giving cash without removing the total from the user's account. Normally, this would raise a red flag in the system that a transaction has failed, but Qisheng allegedly injected a script into the program and silenced these alerts.
Qisheng started withdrawing money from November 2016 until January 2018, and after about 1.358 withdrawals the bank discovered the bad code in its system and notified the authorities to arrest him.
The sequel is perhaps the most amazing part of this story. Qisheng returned the money and the bank no longer wanted to pursue him. He may have feared bad publicity (apparently the window is already closed), so Huaxia Bank asked the police to drop the case, accepting Qisheng's excuse that he was just testing the bank's security and holding the money to ask for it. bank !!!.
However, the court refused and Qisheng faces up to 10,5 years in prison. They were not convinced by the argument, considering that the accused had transferred the money to his personal bank account, and not to a fake bank account, because he was investing the money in the stock market.
it's not the first time which ATMs are made target of smart developers. Today's story, however, is particularly fragile with the concurrence of perpetrator and victim views.