Great question as the guidance I recall doesn't address this specific situation. You might get differing opinions on this, but it seems to me you need to file a SAR for at least a cyber-event.
Cyber-Event: An attempt to compromise or gain unauthorized electronic access to electronic
systems, services, resources, or information.
Also, I'm not an attorney (or FinCEN), but I'm wondering if you had a crime occur with the transfer, which could push this into the "cyber-enabled crime" category:
Cyber-Enabled Crime: Illegal activities (e.g., fraud, money laundering, identity theft) carried out or facilitated by electronic systems and devices, such as networks and computers.
Adam Witmer, CRCM
All statements are my opinion, not those of my employer, and should not be taken as legal advice.www.compliancecohort.com