{"id":27654,"date":"2020-08-24T17:37:47","date_gmt":"2020-08-24T14:37:47","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=27654"},"modified":"2025-08-26T22:19:30","modified_gmt":"2025-08-26T19:19:30","slug":"bank-of-russia-records-first-case-of-funds-theft-via-the-faster-payments-system","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/bank-of-russia-records-first-case-of-funds-theft-via-the-faster-payments-system\/","title":{"rendered":"Bank of Russia records first case of funds theft via the Faster Payments System"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">The Center for Monitoring and Responding to Cyber Attacks in the Banking and Financial Sector (FinCERT) of the Bank of Russia has identified a new method of funds theft via the Faster Payments System (SBP). This is the first known theft of funds using the system, according to Kommersant.<\/span><!--more--><\/p>\n<p><span style=\"font-weight: 400;\">Attackers exploited a vulnerability in one of the bank&#8217;s systems, the name of which is not disclosed. They managed to obtain client account data by brute-force enumeration, using undocumented API capabilities.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Having authenticated as clients, the attackers launched the bank\u2019s app in debug mode and sent a request to transfer funds to an account at another bank.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Before executing the transfer, instead of the sender\u2019s account, they specified the account number of another customer of that bank. The system did not verify who owned the account and issued the SBP instruction to transfer funds.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Bank of Russia confirmed the existence of the problem and said that the vulnerability has been fixed. 
Official representatives stressed that it did not affect the system software and that the SBP itself remains reliable.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The central bank remains confident that the SBP will meet the demand for fast payments.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Bank of Russia head Elvira Nabiullina cited the ability to make fast payments as the explanation for the popularity and growth of cryptocurrencies.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">According to some experts interviewed by ForkLog, SBP and digital assets are intended for entirely different purposes and therefore cannot compete with each other.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Center for Monitoring and Responding to Cyber Attacks in the Banking and Financial Sector (FinCERT) of the Bank of Russia has identified a new method of funds theft via the Faster Payments System (SBP).
This is the first case of funds theft using the system, according to Kommersant.<\/p>\n","protected":false},"author":1,"featured_media":26216,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[345,1229,1301],"class_list":["post-27654","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-bank-of-russia","tag-banks-and-fintech","tag-blockchain-vulnerabilities"],"aioseo_notices":[],"amp_enabled":true,"views":"9","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/27654","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=27654"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/27654\/revisions"}],"predecessor-version":[{"id":27655,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/27654\/revisions\/27655"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/26216"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=27654"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=27654"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=27654"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}