A software chief of a Chinese bank reportedly found a loophole in his company’s system and managed to stealthily withdraw seven million yuan ($1 million) over the course of 14 months. When he was caught, he explained he was testing the system. Huaxia Bank bought it, but the authorities didn’t.
The South China Morning Post reports that Qin Qisheng was working at the bank’s Beijing technology development office when he figured out that withdrawals that were done at around 12:00 am didn’t register in the system. In November 2016, he reportedly inserted scripts in the operating system so he could exploit this flaw without setting off any alerts.
Then he reportedly started withdrawing chunks of money in the range of 5,000 yuan to 20,000 yuan ($1,023 to $4,099) with a test account. He didn’t tell his bosses and he put the money in his personal account and invested some of the money in stocks, according to the Post.
Qin was caught when a branch of the bank was performing a manual check last January and discovered the unusual activity from the test account that was withdrawing the money. Police detained Qin two months later. He told his employer that he was performing a security test.
According to the Post, a bank representative told a district court trying Qin that Qin’s “reason for not reporting is legitimate.”
“Qin Qisheng said that the matter was complicated and involved lots of work,” the bank representative told the court, according to the Post. “He believed the bank would not pay attention even if he reported it.”
Qin returned all the money to the bank, and the bank requested that law enforcement drop charges against Qin. But court documents reportedly show that the bank had stated Qin’s activities were in violation of its rules.
During the trial, the judge pointed out the contradiction of the bank’s statements. Deciding that Qin’s act of returning the money did not exonerate him, the court sentenced Qin to a 11,000 yuan fine (about $2,212) and ten and a half years in jail.