Cyber attacks are considered one of the most significant security threats to modern electronic banking. Customers, by depositing funds with a bank, expect that the bank will act as a custodian; however, cyber attacks can lead to unauthorized withdrawals from customer accounts. Consequently, some regard the bank as a custodian and impose the resulting consequences on it. The critical questions addressed in this research, which has been written in a descriptive-analytical format, include whether a bank can be viewed as a custodian in the case of cyber attacks, what the bank's responsibilities are in such circumstances, and how it can compensate for the incurred damages. The findings suggest that, based on Article 35 of the Monetary and Banking Law, as well as the responsibilities outlined in the Consumer Protection Law and the Electronic Data Protection Law, a bank cannot be regarded as a true custodian. The bank's obligation to protect customer assets is a type of commitment to a result that obliges it to return the entirety of their assets only upon the customer's request. Furthermore, it seems that the nature of money also questions the custodian status of banks, implying that in the event of a cyber attack, the damages incurred are against the bank's assets rather than the customer's account.