The attackers who snitched $81 million from the Bangladesh central bank likely hacked from the SWIFT financial platform that’s at the core of the global financial system into applications, said security researchers at British defense contractor BAE Systems.

Its spokeswoman Natasha Deteran said a software update to thwart the malware, together with an unique caution for financial institutions to scrutinize their security procedures would be released on Monday by SWIFT.

The new developments coming to light in the unprecedented cyber-heist indicate an crucial lynchpin of the global financial system could be more exposed than previously understood because of the susceptibility that empowered attackers to change SWIFT’s client applications, to hacking attacks.

$81 million was routed to accounts in the Philippines and redirected to casinos there, although most of the payments were blocked. Most of those funds stay lost.

But the BAE research reveals the SWIFT applications on the bank computers was likely undermined in order to erase records of illegal transfers.

Deteran reiterated on Sunday that the malware that was “ does not have any impact on core messaging services or SWIFT’s network.”

The SWIFT messaging platform is used by 11,000 banks and other associations around the world, though just some Access applications, Deteran is used by the said.

Additional upgrades may be released by sWIFT as it learns more about the strike in Bangladesh and other possible hazards, Deteran said.

SWIFT is reiterating a warning to banks they should review internal security.

“Whilst we urge that other sellers do the same, the crucial shield against such assault scenarios is that users execute proper security measures within their local surroundings to safeguard their systems and keep all our interface products under constant review,” Deteran said.

BAE’s head of threat intelligence, Adrian Nish, said he’d never seen this kind of intricate scheme from criminal hackers.

“I ca’t think of a case where we’ve found a criminal go to the amount of attempt to customize it for the surroundings they were working in,” he said. “I think it was the recognition the possible reward made that attempt rewarding.”

A Bangladesh Bank spokesman refused comment on BAE’s findings.

A senior official with the Bangladesh Police’s Criminal Investigation Department said that investigators hadn’t found the particular malware but that their probe had not been completed by forensics specialists.

Bangladesh police investigators said the bank’s computer security measures were severely deficient, lacking even basic precautions like firewalls and relying on, $10 switches that were used in its local networks.

Police investigators told Reuters in an interview that SWIFT and the bank should take the blame for the troubles.

It was their duty to point it out but we’ve’t found any signs they informed before the heist said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh cops’s criminal investigation section, referring to SWIFT.