Programmer with Chinese bank jailed for exploiting bug in bank system to siphon $1 million over 2 years

By Digit NewsDesk | Published on 06 Feb 2019

A senior programmer with the Huaxia Bank managed to transfer over seven million Yuan from the financial institution to his account by inserting scripts in the system to exploit a bug.

Programmer with Chinese bank jailed for exploiting bug in bank system to siphon $1 million over 2 years

Want to modernise your banking loan application?

Build an application that analyses credit risk with #IBMCloud Pak for Data on #RedHat #OpenShift

Click here to know more



  • Qin Qisheng was a programmer with the Huaxia Bank
  • He reportedly stole over $1 million by exploiting a bug in the bank’s core system

As per a report by The South China Morning Post, via The Verge, Qin Qisheng, a 43-year-old senior programmer with the Huaxia bank managed to siphon off $1 million from the financial institution over a period of two years by exploiting a bug in the company’s core operating system. While the bank forgave the employee as he cited that he was simply testing the flaws in the system, he was still jailed. As per the report, because of the bug, cash withdrawals done around midnight were not recorded in the bank’s system. While this scenario should typically throw an error saying the transaction has failed, Qin inserted some scripts in the system so that there would be no such an alert. The bug has since been fixed.

Qin reportedly proceeded to withdraw money from the bank in amounts ranging between 5,000 and 20,000 Yuan (Rs 53,052 approx - Rs 2,12,211 approx) using a dummy account that the bank uses for testing its systems. This resulted in the withdrawal of over seven million Yuan by January 2018 from the bank. Qin is said to have deposited the amount in his own bank account and invested some of it in the stock market. When the unauthorised activity from the dummy account was detected, it was reported to the bank, which in turn alerted the authorities. Qin was arrested, found guilty by the court and sentenced to 10 and a half years in jail with a fine of 11,000 Yuan (Rs 1,16,745 approx). 

When Qin said that he was simply testing the internal security of the system, the Huaxia bank accepted his explanation and asked the court to pardon him. However, the authorities disagreed and said that the institution itself previously stated that his activities were in violation of formal procedures. “On the one hand, [the bank] said that the accused’s behaviour was in violation of the rules. On the other hand, he said that he could conduct relevant tests. This is self-contradictory,” said the judge. Qin returned the entire amount before being arrested. 

Related Reads:

ES File Explorer security flaw can aid hackers to leak data on Android devices: Researcher

Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry. Protection Status