BDO Unibank 'Mark Nagoyo' account-takeover fraud
Over 700 customers of the Philippines' largest bank, BDO Unibank, lost money through unauthorized online transfers routed to UnionBank accounts under the alias 'Mark Nagoyo'; five suspects were later arrested and BDO reimbursed victims.
- Victim
- BDO Unibank (Banco de Oro)
- users
- 700
In late 2021, BDO Unibank (Banco de Oro) β the largest bank in the Philippines by assets β suffered a wave of fraudulent online transfers that drained money from the accounts of more than 700 customers. The funds were funnelled into multiple UnionBank accounts opened under the alias "Mark Nagoyo," a play on Filipino slang for "just joking."
What happened
Between late November and early December 2021, victims reported that money had vanished from their BDO online-banking accounts. Individual losses ranged from roughly β±25,000 to β±50,000, and in at least one case a single compromised account was used to receive β±5 million, which was promptly converted into Bitcoin on 11 December.
What unsettled customers and investigators alike was that many victims insisted they had not clicked any suspicious links and had received no one-time password (OTP) alerts β yet transfers exceeding normal daily limits still went through. This pointed to compromised credentials combined with weaknesses in transaction authentication and fraud monitoring.
How it worked
Investigators concluded the scheme was driven primarily by phishing and social engineering: harvested online-banking credentials were used to log in and initiate transfers to a network of mule accounts at another bank. The recipient accounts under "Mark Nagoyo" served as a relay before funds were dispersed or converted to cryptocurrency, complicating recovery.
Arrests
On 21 January 2022, the National Bureau of Investigation (NBI) arrested five suspects tied to the scheme: two Nigerian nationals β Ifesinachi Fountain Anakwe and Chukwuemeka Peter Nwadi β and three Filipino accomplices. The Bangko Sentral ng Pilipinas (BSP) had earlier identified two to four core perpetrators, and fewer than ten receiving accounts were frozen during the investigation.
Impact and response
On 12 December 2021, BDO publicly acknowledged the fraud and, two days later, pledged to reimburse all affected customers and strengthen its security infrastructure. The BSP β the central bank and banking regulator β launched its own investigation and pressed banks to harden authentication and fraud controls.
Why it matters
The "Mark Nagoyo" incident is the Philippines' defining digital-banking fraud case. It struck the country's largest bank during a pandemic-driven surge in online banking and exposed gaps in credential protection, transaction monitoring and OTP-based authentication. The case accelerated BSP-led reforms β including stricter fraud-management and customer-reimbursement expectations β and remains a reference point for account-takeover risk in Philippine retail banking.
Timeline
Unauthorized transfers begin draining funds from BDO online-banking accounts.
One compromised account is used to receive 5 million pesos, which is converted to Bitcoin.
BDO publicly acknowledges the fraud and pledges to reimburse affected customers.
BDO formally announces reimbursement and security upgrades; the BSP investigates.
The NBI arrests five suspects β two Nigerian nationals and three Filipinos β linked to the 'Mark Nagoyo' scheme.
Sources
- en.wikipedia.orghttps://en.wikipedia.org/wiki/2021_Banco_de_Oro_hack
- rappler.comhttps://www.rappler.com/business/bdo-clients-lose-money-due-alleged-online-banking-hack/
- rappler.comhttps://www.rappler.com/business/bdo-hackers-arrested-nbi/
- privacy.gov.phhttps://privacy.gov.ph/wp-content/uploads/2025/10/NPC-SS-21-023-2024.06.05-In-Re-Alleged-Personal-Data-Breach-of-BDO_Decision.pdf