Nigerian Payment Company Loses N11 Billion to Security Breach, Funds Transferred to Many Accounts

Nigerian Payment Company Loses N11 Billion to Security Breach, Funds Transferred to Many Accounts

  • Flutterwave, the financial technology company, experienced another security breach, leading to a loss of N11 billion
  • The stolen funds were allegedly transferred to multiple bank accounts in five banks and financial institutions
  • Flutterwave said that no customer funds were lost or affected by the incident, which happened in April 2024

PAY ATTENTION: Leave your feedback about Legit.ng. Fill in this short form. Help us serve you better!

Legit.ng’s Pascal Oparada has reported on tech, energy, stocks, investment, and the economy for over a decade.

Nigerian payment giant Flutterwave has suffered another security breach, allowing unknown persons to divert N11 billion to various bank accounts.

The incident happened one month after the company obtained a court order to recover another $24 million lost to unauthorised PoS transactions.

Flutterwave suffers breach
Nigerian financial technology company, Flutterwave losses to N11 billion in security breach Credit: NurPhoto
Source: Getty Images

Hackers transferred the funds to five banks

Reports say the hackers illegally transferred the N11 billion (about $7 million) to several accounts in April 2024.

Read also

Nigerian bank discovers new app used by fraudsters to hack account, warns customers

The company disclosed that it detected unauthorised activities that were inconsistent with its customer behaviours.

The company did not disclose the amount lost to the unauthorised access but said no customer funds were lost or compromised.

Flutterwave said:

“As is common in the financial services industry, there will always be attempts by bad actors to compromise the security of systems set up to protect and monitor services.”
“In April, we detected unauthorised activities inconsistent with usual customer behaviour on one of our platforms used by a small subset of our customer base.”

Hacker also steal N19 billion

TechCabal quoted an insider source saying the funds were transferred to multiple accounts across five financial institutions over four days.

The hackers allegedly evaded detection by keeping the deposits below thresholds, which would prompt fraud checks.

Read also

“Apply Now”: SMEDAN begins disbursement of N5bn to small businesses, sets criteria to qualify

In October 2023, about 6,000 bank account holders across 35 banks and financial institutions received N19 billion illegally through unauthorised PoS transactions by merchants. 

Nigerian Bank identifies app used for fraud

This happened as Wema Bank issued a warning regarding a new banking cyber threats targeting android devices.

The bank said the malware is called "Brokewell" and has cautioned customers to remain alert and never download.

Wema Bank explained that the malware is designed to steal sensitive information such as banking details and personal data, is being spread through various means, including phishing emails and malicious websites.

It added that once installed on a victim's device, the malware can allow fraudsters to remotely access and control the device, giving them unrestricted access to the victim's personal and financial information.

Flutterwave announces date to shut down Its creator platform

Legit.ng earlier reported that with effect from March 31, 2024, Disha, a platform for creators that Flutterwave acquired in 2021, would be temporarily shut down.

Read also

Archegos founder to go on trial for fraud, market manipulation

The platform allows digital creators to curate, sell digital content, create portfolios and receive payments from their audience globally.

The company explained that the decision was necessary to reevaluate its objectives and realign its vision to better serve the creative community.

Source: Legit.ng

Online view pixel