Bank Forgives Programmer Who Withdrew $1M in Cash after Finding ATM Flaw


Staff member
Aug 20, 2006
Qin Qisheng, a senior programmer at Chinese Bank Huaxia, has been jailed for 10 and a half years after taking advantage of “a loophole in the bank’s core operating system that meant cash withdrawals made around midnight were not recorded.” Mr. Qisheng, who was evidently unhappy with his employer’s pay, ultimately managed to collect $1M before he was caught by a manual check. While the bank “accepted his explanation that he had simply been trying to test its internal security and the cash was just resting in his own account before he returned it to his employers,” the courts demanded punishment.

Qin discovered the flaw in the system in 2016 and in November that year he inserted a few scripts in the banking system which he said would allow him to test the loophole without triggering an alert. For more than a year he made cash withdrawals of between 5,000 yuan and 20,000 yuan (US$740-US$2,965) from a dummy account the bank used to test its systems. By January 2018 he had amassed over seven million yuan – the equivalent of just over a million US dollars – without telling his superiors what he was doing.


[H]F Junkie
Dec 15, 2003
Why would you test a security hole for over a year? All without letting someone else know?

He simply got caught before he could make plans to get out of the country with his new fortune (that or he got overconfident / complacent and greedy).


Aug 24, 2018
So, in other words, they punish for doing domestic crimes but reward them for doing international crimes.
Sound familiar, seem normal.

Dont get caught with hand in cookie jar, but if you do then deny deny deny deny often work, which is the most amazing thing of all.


Supreme [H]ardness
Nov 7, 2005
Yeah. "Testing". Sure.

I wonder what the ATM limits are over there though... because if it was the US, and you can only do a single transaction of $500 right at the magic window.... you'd have to pull that trick 2000 times and not get caught. Thats every night for 5 and a half years. That is WAY too many times to not get caught by a random element.

Honestly I'd get tired of doing it that many times.

OK so the article says "US$740-US$2,965" per transaction. Even at the maximum amount, it would be 337+ transactions.

It also says he " had returned all the money to the bank before his arrest, it was not enough to spare him". Wait, so he returned all the money with a semi-valid explanation BEFORE he got caught? Hmmmmm. And the bank accepted his story and declined to press charges, but the court still did. Sounds like he didn't have a good enough lawyer (however that works in China anyway).


Nov 15, 2016

For more than a year he made cash withdrawals of between 5,000 yuan and 20,000 yuan (US$740-US$2,965)
WOW.. he was able to withdraw up to $3K at a time?