Based on documents reviewed by Techpoint Africa, an illegal transfer of ?2,949,557,867 has been made from the accounts of African fintech unicorn, Flutterwave.
On February 19, 2023, Flutterwave’s legal representative, Albert Onimole, reported the incident to the Deputy Commissioner of Police, State Criminal Intelligence Department, Panti, Yaba, Lagos.
According to Onimole’s report, the attack on Flutterwave’s accounts occurred about two weeks prior on February 13. It was reported to the police on the same day with a list of the accounts that had received the funds, but the police were unable to freeze the funds.
However, some commercial banks allowed the funds to be transferred to other accounts, complicating the investigation. To trace the stolen funds across various financial institutions in Nigeria, S.A. Adedesin, Legal Officer, State CID, Panti, Yaba, Lagos, filed a suit in the Magistrate Court of Lagos, listing several financial institutions including Access Bank, Providus Bank, Union Bank, Keystone Bank, PalmPay, First City Monument Bank (FCMB), Kuda Bank, Zenith Bank, First Bank of Nigeria, Guaranty Trust Bank (GTB), United Bank for Africa (UBA), Polaris Bank, Wema Bank, Sterling Bank, Ecobank, Paycom, Fidelity Bank, Eyowo, Stanbic IBTC Bank, Opay, VFD Microfinance Bank, Carbon, Moniepoint, Al-Hayat Microfinance Bank, PiggyVest, and Nomba (previously Kudi).
Some accounts have already been frozen, but it is unclear whether the court has ruled in favor of the motion filed by Adebesin.
Several questions remain unanswered, including how the hackers breached Flutterwave’s security and what this means for the company’s customers. Flutterwave has stated that it is preparing an official statement on the matter.