Categories: Digital Marketing

Exclusive: Flutterwave loses ₦11 billion in security breach

One month after obtaining a court order to recover $24 million lost to unauthorised POS transactions, Flutterwave suffered another security breach that allowed unknown persons to divert billions of naira to several bank accounts.

The perpetrators illegally transferred ₦11 billion ($7 million) to several accounts in April 2024, one financial services insider with direct knowledge of the incident said. A second insider claimed the amount involved was at least ₦20 billion ($13.5 million).

“As is common in the financial services industry, there will always be attempts by bad actors to
compromise the security of systems set up to protect and monitor services,” Flutterwave said in a statement to TechCabal.

“In April, we detected unauthorized activities inconsistent with usual customer behavior on one of
our platforms used by a small subset of our customer base.”

Flutterwave did not specify the amount involved but insisted that “no customer funds were lost or compromised, and the confidentiality of our customers’ data remains intact.”

However, one highly-placed person with knowledge of the incident said that the stolen funds were moved to several accounts in five financial institutions over four days. The incident likely went undetected because the perpetrators ensured the deposits remained below limits that would trigger fraud checks.

The matter has been reported to law enforcement and investigations have begun, said the same person who asked not to be named.

Two executives in the financial services industry confirmed the incident and said Flutterwave reached out to request KYC details of the accounts involved. They also claimed that the accounts related to the incident have been temporarily restricted.

In similar system breaches, perpetrators conceal the movement of funds by sending money to the bank accounts of several hundred unsuspecting users. The details of those users are typically obtained online or using social engineering and fed into programs that automate bulk transfers.

However, April’s breach appears distinct. An organised network may have been involved in the distribution, said a highly placed staff at a financial institution.

“The perpetrators appeared to transfer the money to random accounts but thise same accounts would also transfer money to other accounts who then sent it back to the first beneficiary account, [in a sort of round trip].”

This closed-loop approach differs from past attempts to hide the trail using unconnected outsider accounts.

This is the fourth incident of unauthorised transfers at Flutterwave reported in the last fourteen months. In October 2023, about 6,000 account holders across 35 banks and financial institutions received ₦19 billion (*$24 million) illegally transferred through unauthorised transactions by POS merchants.

In March 2023, about 107 bank accounts in 27 banks received ₦550 million. In a February 2023 breach, ₦2.9 billion was diverted to 107 bank accounts in 27 banks, according to court documents seen by TechCabal.

Identifying the account owners involved in the latest incident may be easier than before since the Central Bank mandated all financial institutions to require all customers to provide their bank verification number (BVN) or a national identification number (NIN) for account or wallet opening by March 2024.   In February, Flutterwave received a court order—a Mareva injunction— that lets it recover the funds and assets of the identified account holders, even though they have spent the funds, with the KYC details provided by these financial institutions.

Get the best African tech newsletters in your inbox

ObadeYemi

Adeyemi is a certified performance digital marketing professional who is passionate about data-driven storytelling that does not only endear brands to their audiences but also ensures repeat sales. He has worked with businesses across FinTech, IT, Cloud Computing, Human Resources, Food & Beverages, Education, Medicine, Media, and Blockchain, some of which have achieved 80% increase in visibility, 186% increase in month on month sales and revenue.. His competences include Digital Strategy, Search Engine Optimization, Paid per Click Advertising, Data Visualization & Analytics, Lead Generation, Sales Growth and Content Marketing.

Share
Published by
ObadeYemi

Recent Posts

How to Humanize AI Content So It Will Rank, Engage, and Get Shared in 2025

I still remember my first taste of artificial intelligence (AI).It was “SmarterChild,” a chatbot available…

21 hours ago

Need to Write a Job Offer Letter? I’ve Got You Covered [+ Free Template & Examples]

You’ve just wrapped up all those interviews, and now you’ve found the perfect candidate. Next…

22 hours ago

Getting Your Scope of Work Right — the Complete Guide [+ Templates & Examples]

As a freelance writer, I’m always receiving and reviewing scope of work documents. These digital…

22 hours ago

What Is a Risk Assessment? My Complete Guide [+ Free Template]

No matter what you do for a living, you deal with all kinds of risks…

23 hours ago

How Brands Can Act Responsibly During a Crisis

It’s been 53 days since Hurricane Helene devastated my hometown of Asheville, but I’m going…

2 days ago

Here’s How I Write a Resignation Letter That Makes a Good Last Impression

I’m all too familiar with that uncomfortable feeling in your stomach when you have to…

2 days ago