Hackers stole up to $1 billion from around 100 banks in an "unprecedented" cyber attack taking place over two years, according to security firm Kaspersky Lab.
Worse still, the robbery may still be taking place as the security specialists work with Interpol and Europol to reveal more details of the scale of the criminal operation.
The international gang of cybercriminals, labelled Carbanak, whose members hail from Russia, China and Ukraine, used a spear phishing campaign to target employees with malware that, when opened, infected banks' networks and recorded what staff were doing on their computers.
The hackers then spent two to four months on each robbery, stealing $10 million on each occasion either ordering ATMs to spit out cash at certain times of day or simply transferring money from the banks' accounts to their own.
Video surveillance meant the criminals knew how the staff operated, and could imitate their digital behaviour when making transactions to appear less suspicious.
Kaspersky told The New York Times it has seen evidence of $300 million in thefts, but believes the total could be at least triple that figure.
Sanjay Virmani, director of Interpol's digital crime centre, said in a statement on Reuters: "These attacks again underline the fact that criminals will exploit any vulnerability in any system.
"It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures."
Kaspersky called it a "slick" operation, saying banks in 30 countries were affected, including Canada, Russia, Ukraine, the US, Germany and China.
Some banks were hit multiple times.
The US body Financial Services Information Sharing and Analysis Center said in a statement: "Our members are aware of this activity. We have disseminated intelligence on this attack to the members."
Banks can protect themselves by making sure staff are better educated about IT security, according to Paul Glass, senior associate at international law firm Taylor Wessing.
He said: "This is another example of the importance of education of staff, both to minimise the risk of opening attachments that contain malicious payloads, and to take immediate action if they realise that they have opened a malicious attachment.
"The human element of risk can never be removed entirely, but banks should be ensuring that their training and education programmes are as effective as possible, particularly given the substantial financial impact of this attack."
He added that the technology used by hackers was "whitelisted", meaning it's legitimate software the banks allow system administrators to use.
"Regulators will want detailed explanations from the affected banks as to how access was obtained, the extent of compromise of each bank's systems, and how such a serious attack went undetected for many months," he said. "The clean-up operation within affected banks will be enormous."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.