Fintech
Fintech giant Flutterwave loses ₦11 billion due to security breach
This incident came just a month after Flutterwave obtained a court order to recover $24 million lost due to unauthorized POS transactions. TechCabala reported.
According to a financial services insider with direct knowledge of the incident, the offenders illegally transferred ₦11 billion ($7 million) to several accounts in April 2024. However, a second insider said that the amount in issue was at least ₦20 billion (US$13.5 million). ).
What Flutterwave said:
“As is common in the financial services industry, there will always be attempts by bad actors to compromise the security of systems set up to protect and monitor services,” Flutterwave told TechCabal in a statement.
“In April, we detected unauthorized activity inconsistent with usual customer behavior on one of our platforms used by a small subset of our customer base.”
Flutterwave did not reveal the exact amount involved, but stressed that “no customer funds have been lost or compromised, and the confidentiality of our customer data remains protected.”
However, a highly placed individual with knowledge of the incident revealed that the stolen funds were transferred to multiple accounts at five financial institutions over a four-day period.
The incident likely went unnoticed as the perpetrators ensured that deposits remained below thresholds that would require anti-fraud checks.
Hacking issues are nothing new for Flutterwave. In February 2023, hackers transferred over ₦2.9 billion from Flutterwave accounts. In October 2023, approximately 6,000 account holders across 35 banks and financial institutions received ₦19 billion ($24 million) illegally transferred via unauthorized transactions from POS merchants.
The fact was reported to the police and investigations were started, said the same person who requested anonymity.
Two financial services industry executives confirmed the incident and said Flutterwave had reached out to request KYC details of the accounts involved. They also said that accounts related to the incident have been temporarily restricted.