By Michael O'Boyle
MEXICO CITY (Reuters) - Thieves siphoned hundreds of millions of pesos out of Mexican banks, including No. 2 Banorte, by creating phantom orders that wired funds to bogus accounts and promptly withdrew the money, two sources close to the government's investigation said. Hackers sent hundreds of false orders to move amounts ranging from tens of thousands to hundreds of thousands of pesos from banks including Banorte, to fake accounts in other banks, the sources said, and accomplices then emptied the accounts in cash withdrawals in dozens of branch offices.
One source said the thieves transferred more than 300 million pesos ($15.4 million). Daily newspaper El Financiero said about 400 million pesos had been stolen in the hack, citing an anonymous source.
It was not clear how much of the money transferred was later withdrawn in cash. Some of the attempts to fraudulently transfer funds were blocked, the sources said.
Mexico's central bank Governor Alejandro Diaz de Leon told journalists late Monday that the attack on the payment system was unprecedented and that he hoped that measures being taken would stop future incidents.
"There's no evidence that would allow us to say with certainty that this is over," he said. "We're taking corrective and mitigating action."
Diaz de Leon declined to name banks or confirm amounts stolen, but said the central bank is still investigating what happened.
He later said in a radio interview that all the evidence, which is so far only partial, pointed to a cyberattack. Lorenza Martinez, head of Banxico's payment system, told Reuters on Friday that five institutions saw "unauthorized transfers."
Inter-bank transfers slowed in later April, feeding worries that Latin America's second biggest economy could be the latest victim in a global wave of cyber attacks.
Hackers may have had help inside bank branches, since such big cash withdrawals are uncommon, one source said.
"In terms of the security of the bank's offices, I think that is part of the analysis that each bank is doing," Martinez said.
He said that the central bank's SPEI interbank transfer system was not compromised but that the problem had to do with software developed by institutions or third-party providers to connect to the payment system.
Many banks have migrated to an alternate, slower technology to connect to the payment system, she said.
A Banorte spokeswoman declined to answer questions from Reuters on Monday, and pointed to a May 9 statement from the bank that said clients' deposits were not affected by the "incident."
Mexico's SPEI system is a domestic network similar to the SWIFT global messaging system that moves trillions of dollars each day. Hackers have used SWIFT connections to attack banks around the world.
The central bank also said that no clients had been affected so far. Martinez said that the transfers hit accounts of financial institutions in the central bank.
(Reporting by Michael O'Boyle; Editing by Lisa Shumaker and Darren Schuettler)