The February theft led the Bangladesh central bank's chairman to resign, and added to worries about the security of online bank data.
In a letter to the Fed's president dated Tuesday, the Science Committee in the US House of Representatives asked for "all documents and communications" about the cyberattack and the security of the Fed's SWIFT Alliance Access money transfer system.
In the attack, the hackers tried to steal a total of USD 1 billion through 35 international money transfer orders, 30 of which were stopped.
"Weaknesses existed within the computer network of the Bangladesh Bank and based on research done by a third party, cyber criminals were able to exploit these vulnerabilities," says the letter, posted on the committee's website.
Also Read
"Then, the cyber criminals covered their tracks using malware" that was able to manipulate money transfer request records as well as account balances as shown in logs, as well as to intercept messages verifying transfer orders.
Bangladesh authorities had said earlier they were considering suing the Reserve Bank over the loss of the funds.
But any international cyber system is only as strong as its weakest link, said the letter signed by the committee's co-chairmen, Lamar Smith of Texas and Barry Loudermilk of Georgia.
"This is deeply troubling, and it is Congress' responsibility to ensure, through its oversight, that the NY Fed is taking all precautions to protect American finances and aggressively execute its own role as overseer of SWIFT," the letter says.
Amid the fallout, the Bangladesh Bank Governor Atiur Rahman resigned in March, saying he had tried after the theft to close loopholes and boost the bank's online security, but that the bank's team lacked experience.
And in Sri Lanka, a court banned six people from traveling abroad after their foundation allegedly received some of the stolen money. The private bank where the foundation had an account alerted the Bangladesh central bank about the transfer and returned the funds.