A banking application bug has filled two Turkish brothers with over a billion dollars in their pockets

Today we have for you another example of how important it is to secure your applications and keep them as free as possible from any vulnerabilities. We also have a cautionary tale and advice – if you find it, you’d better report to the company rather than use it, because in the first case you will at least be able to count on praise or a cash reward. This is what two Turkish brothers in their 20s who exploited a banking app bug should have done so.

Two brothers took advantage of an error in the banking application by transferring a fortune to their account

A banking application bug allowed the aforementioned duo to execute around 70 transactions worth 16 billion lire from the bank’s investment account to their own account at a private bank. This is the equivalent of over a billion dollars, i.e. well over 4 billion zlotys. What was the gap itself? The possibility of withdrawing any amount of cash via the investment account (the same also applied to the brokerage account) connected to the bank’s mobile application.

Interesting Engineering recalls:

The younger brother told investigators that when he checked the account on February 26, he had no money on it. He then selected the ‘investment account’ option in the app when a menu popped up asking him to enter the amount of cash he wanted to withdraw. “I entered a random number and saw that the amount I entered was transferred to my account. I decided to try to enter more and each time this amount was transferred to my account. That was when we saw that we had roughly 16 billion in our account. “

The brothers then bought new smartphones with “non-existent” money, commissioned a luxury car, and then started playing Robin Hood, paying off the debts of relatives and even local residents. Over time, the bank contacted them, blocked their account and referred the case to law enforcement, and from the comments of “criminals” it appears that they did not take their feat very seriously.

Also read: NVIDIA has an ambitious plan with the Drive Map platform being developed for autonomous cars

According to their older brother, “they weren’t fooling anyone,” and it was the bank’s mistake not to block their account and allow them to use the vulnerability. Ultimately, the two brothers were detained but released after a judicial review and their bank accounts were frozen.