Qin Qisheng, 43, a senior programmer has been jailed for 10 and a half years for developing a way to withdraw more than US$1 million through ATMs as free cash.
Qin was a former technology department manager in China based Huaxia Banks. He spotted a hole in the bank core operating system allows unrecorded cash withdrawals during midnight.
The flaw was discovered by Qin back in 2016 and in the same year November he added some additional scripts which allow him to test the vulnerability without triggering alerts.
He managed to withdraw between 5,000 yuan and 20,000 yuan in years from bank dummy account used for testing and January 2018 he had amassed over seven million yuan which is equal to million US dollars without reporting to his superiors, reported by South China Morning Post.
Qin deposited the money to his own bank account and invested some in the stock market, the problem is that the system was designed without considering night trading.
The Bank accepted Qin explanation of testing the system for loopholes, but authorities denied it and he was jailed of theft and sentenced him 10 and half years in jail with a fine of 11,000 yuan.
“The bank said that the accused’s behavior was in violation of the rules. On the other hand, he said that he could conduct relevant tests. This is self-contradictory.”
“This irregular activity in the dummy account was detected and verified during a manual check at a subsidiary branch in Cangzhou, Hebei in January last year and the bank reported the incident to relevant authorities.”
Huaxia Bank bank asked authorities to drop the case as Qin recovered all the money, but the authorities denied saying the request was not accepted as “legitimate” by law enforcement, and therefore Qin must serve his sentence.
Last December a new tool called KoffeyMaker cybercriminals to steal money from ATM by connecting a laptop with the ATM machine cash dispenser.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.
Multinational engineering and technology services firm Tata Technologies has reportedly fallen victim to a significant…
U.S. authorities announced the seizure of $31 million tied to the 2021 Uranium Finance decentralized…
Imagine a government that tracks your daily movements, monitors your communications, and catalogs your digital…
A recently disclosed vulnerability in Docusnap's Windows client software (CVE-2025-26849) enables attackers to decrypt sensitive…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2018-8639, a decade-old Microsoft Windows privilege…
Google’s March 2025 Android Security Bulletin has unveiled two critical vulnerabilities—CVE-2024-43093 and CVE-2024-50302—currently under limited,…