Shadowy hackers transferred the cash in 2016 from Bangladesh’s US accounts to Philippine bank Rizal Commercial Banking Corp (RCBC), where it was swiftly withdrawn.

The theft exposed the Philippines as a haven for dirty money, where some of the world’s strictest bank secrecy laws protect account holders from scrutiny.

A Manila court found Maia Deguito, who was a manager at the RCBC branch where the money landed, guilty on eight counts of money laundering which carry a minimum of four years each behind bars. She was also ordered to pay US$109 million in fines.

Deguito plans to appeal.

The authorities say Deguito helped coordinate the transfer of the money, which was taken from Bangladesh’s reserves account at the Federal Reserve Bank in the US.

Deguito is the only person who has been convicted in the case – which has drawn international concern – her lawyer Demetrio Custodio told AFP, adding that his client had been turned into a scapegoat.

“She could not have done this on her own. A bank the size of RCBC could not have allowed a lowly bank officer to have planned this, so there are others involved in this,” Mr Custodio said.

RCBC said in a statement that it was a “victim” and that Deguito was a “rogue” employee.

The Philippine Justice Department said the case has not been closed, but could not immediately provide details on other cases.

A North Korean hacker is also wanted by the United States on charges that he and a state-sponsored hacking crew masterminded the Bangladesh heist.

Only US$15 million of the money was recovered after it landed in the Philippines. Tens of millions of the loot disappeared into Manila’s casinos, which were at the time exempt from rules aimed at preventing money laundering.

The Philippine central bank imposed a record US$21 million fine on RCBC after the discovery of the heist as it investigated the lender’s alleged role in the theft.

The US Reserve Bank, which manages the Bangladesh Bank account, has denied its own systems were breached.