Great question as the guidance I recall doesn't address this specific situation. You might get differing opinions on this, but it seems to me you need to file a SAR for at least a cyber-event.
Cyber-Event: An attempt to compromise or gain unauthorized electronic access to electronic
systems, services, resources, or information.
Also, I'm not an attorney (or FinCEN), but I'm wondering if you had a crime occur with the transfer, which could push this into the "cyber-enabled crime" category:
Cyber-Enabled Crime: Illegal activities (e.g., fraud, money laundering, identity theft) carried out or facilitated by electronic systems and devices, such as networks and computers.
_________________________
Adam Witmer, CRCM
All statements are my opinion, not those of my employer, and should not be taken as legal advice.
www.compliancecohort.com