oof, I guess that's how terrible precedents are formed. The argument of the plantiff is all wrong - it's not that the bank failed to secure some nebulous "online account", it's that the bank performed an unauthorized transfer by whatever means. Online banking credentials aren't proof of identity, and banks have continually rejected capability security (which in this case would have taken the form of dynamically-generated secrets that enable one transfer up to $X). If they can't afford to eat ~$100k every time their mostly-reversible system gets taken advantage of, they shouldn't default to offering the ability to transfer $100k to the Internet in the first place.

(and clearly bitcoin is the polar opposite, based on capabilities and being irreversible, for now)

Um.

In that case, the customer was demanding repayment of lost money, alleging the bank's security was negligent, and the bank was basically asking the court to say "it's not our fault somebody got his username/password".

Right. Which refutes seldo's conception that bank deposits are safe due to insurance or government guarantees.

The deposit in question exceeded that which is guaranteed by FDIC.

And your summary was flat-out disingenuous; you presented it as the bank suing the customer, when in effect it appears to be the bank seeking a court declaration that the bank's own security measures were not at fault, as a response to the customer's claims against the bank.