Is there theft of funds when hackers using malware trigger the electronic transfer of million of dollars from a bank in New York to an account in the Philippines?
Under the law of theft (Theft Act 1968 s4) property that is capable of being stolen for the purposes of theft include things in action, such as debts, bank accounts, credit balances, and other personal property.
On the facts of our question, no actual notes or coins have been stolen from a bank in New York, neither has there been an appropriation of the funds in a bank account in NY, as it would be the case where a person presents a forged cheque to a bank , drawing funds from the victim’s account.( Note Chan Man-sin v AG for HK  1 AL ER 1PC).
The property that is appropriated for the purposes of theft in cases like Chan Man-sin is the victim’s right to draw from his own account( a chose in action).
The victim’s right to be paid the amount owed to him ( reflected by his credit balance with his bank) is a thing in action capable of being stolen by another. ‘
The facts in our question, however, indicate that a chose in action reflected by a bank customer’s credit balance was extinguished in NY bank, and a new chose in action was created in favor of the hacker in a bank in the Philippines.
A criminal charge of Fraud by False Representation under the Fraud Act 2006 may be brought against the hackers of the NY bank in that here a false representation : s2(1) ( as to the fact that the hacker has the authorization to instruct the NY bank in respect of fund transfers: This false representation has been made dishonestly by the hacker, submitted in any form designed to receive, convey or respond to communications with or without human intervention. Note s 2(5) Fraud Act 2006.