“It’s SWIFT which is responsible for the theft of Bangladesh Bank Reserve. Some BB officials have also been negligent. And Federal Reserve Bank also cannot deny responsibility,” Mohammad Farashuddin, a former central bank governor, said on Sunday.

The investigation panel is yet to submit their full findings, but has submitted an interim report to the government.

In early February, hackers generated several instructions through SWIFT to transfer $101 million from Bangladesh Bank account in the Federal Reserve.

A transfer of $20 million to Sri Lanka was stopped but $81 million was parked in and beyond the Philippines.

The heist is being dubbed as one of the major cyber thefts the world has seen.

Police’s Crime Investigation Department, in charge of the case filed by the central bank, say the BB became more vulnerable to hacker when technicians from SWIFT connected a new bank transaction system to SWIFT messaging three months before the heist.

The global money transfer messaging network, however, has rejected the claims and said in a recent statement that banks are liable for their own security measures. It had later written to its other users conveying the same message.

Bangladesh Bank has appointed US-based cyber security firms World Informatix and FireEye to investigate the technical aspects of the heist.

On Friday, Reuters news agency, citing the US experts’ forensic report, said three hacking groups, including a ‘nation-state actor’ are ‘still lurking’ in Bangladesh Bank’s network.

Last week, Bloomberg News reported, citing the investigation by the US firms, that two of the three hackers group were from Pakistan and North Korea.

A Reuters report earlier said British cyber security firm BAE Systems gained evidence suggesting that hackers manipulated The Society for Worldwide Interbank Financial Telecommunication or SWIFT’s Alliance Access server software, which banks use to interface with its messaging platform, to cover their tracks.

Farashuddin’s remarks on Sunday were similar to what Reuters and Bloomberg have reported.

“The malware was developed in Pakistan and South Korea,” he said while replying to a query from reporters.

On Apr 20, the Farashuddin-led inquiry committee submitted its interim report, but Finance Minister AMA Muhith did not disclose its contents until the full report was available.

On Sunday, the media asked Farashuddin about their final report.

“We have suggested to press the Philippines’ RCBC bank to get back the stolen funds. Diplomatic channels are needed to be involved for that,” he said