Hackers have stolen ₦2.9 billion from Flutterwave accounts, petition to freeze accounts linked to stolen funds
The news:
- In early February 2023, hackers transferred over £2.9 billion from Flutterwave accounts.
- While the police investigation is ongoing, Flutterwave is trying to freeze accounts where some of the money was transferred.
- A motion to freeze accounts in 27 financial institutions in Nigeria, including Access Bank, Kuda, Zenith Bank and OPay, has been filed.
According to documents seen by Techpoint Africa₦2,949,557,867 has been illegally transferred from the accounts of African fintech unicorn, Flutterwave.
On February 19, 2023, Flutterwave’s Legal Adviser, Albert Onimole, reported the case to the Deputy Commissioner of Police, State Criminal Intelligence Department, Panti, Yaba, Lagos.
Per Onimole’s letter, the hack on Flutterwave’s accounts happened around two weeks ago from February 13. It was said that the money was initially transferred to 28 accounts in 63 transactions. While the incident was reported to the police on 13 February 2023, with the list of accounts that had received the money, the police were unable to freeze the funds.
According to Flutterwave, some commercial banks allowed the money to be moved to other accounts, widening the money trail.
To investigate accounts holding the stolen funds across various financial institutions in Nigeria, SA Adedesin, Legal Officer, State CID, Panti, Yaba, Lagos filed a case in the Magistrate Court of Lagos (Yaba Magisterial District sits at Yaba) to support Flutterwave’s claims.
The matter is between the Chief of Police and the following financial institutions.
- Access Bank
- Providus Bank
- Union Bank
- Keystone Bank
- PalmPay
- First City Monument Bank (FCMB)
- Kuda Bank
- Zenith Bank
- First Bank of Nigeria
- Guaranty Trust Bank (GTB)
- United Bank for Africa (UBA)
- Polaris Bank
- Wema Bank
- Union Bank
- Sterling Bank
- Ecobank
- Paycom
- Fidelity Bank
- Eyowo
- Stanbic IBTC Bank
- Opay
- VFD Microfinance Bank
- Carbon
- Moniepoint
- Al-Hayat Microfinance Bank
- PiggyVest
- Nomba (formerly Kudi)
Some accounts are already frozen
Although there are no documents confirming whether the court has ruled in favor of Inspector Micheal’s proposal, some people have confirmed that their accounts have been frozen in connection with the hack.
A Twitter User said: “I received an email from my bank stating that I am a fourth recipient of this reputed scam. This was after over five days of a successful trade. My account is locked 🔒 can’t access the fund inside. Pls is this correct? It’s unfair I have zero business with flutter wave or the hack.”
According to the proposal submitted by Adebesin, 107 accounts, including the fifth beneficiary of these accounts, are to be placed on lien/Post-No-Debit (PND).
With the stolen funds spread over several accounts, as follows to tweetsmay or may not have anything to do with the hack, it is currently not clear who hacked Flutterwave.
Questions about how hackers got past Flutterwave’s security and what this means for the unicorn’s customers remain unanswered.
Interestingly, a statement from Flutterwave denied the hack. it said, “we identified an unusual trend of transactions on some users’ profiles. Our team immediately launched a review (in line with our standard operating procedure), which revealed that some users who had not enabled any of our recommended security settings may have been susceptible.” »
The statement added that Flutterwave was able to resolve the issue before any harm was done to users.
“We want to confirm that no user has lost any funds, and we are proud of the fact that our security measures were able to resolve the issue before anyone could harm our users.
Our commitment to keeping users’ financial information safe and secure is why we invest heavily in security initiatives such as periodic audits, certifications and licenses such as PCI-DSS and ISO 27001. These are in line with global best practices in information security management.”
However, some Twitter users claim that their accounts were locked as a result of the Flutterwave hack.
It is unclear why Flutterwave insists it has not been hacked given the existence of court documents proving the fact and various bank owners confirming the incident.
This is a developing story.
[Update] This article was updated on Sunday 5 March 2023 at 16:11 WAT To reflect that this is a development story, Flutterwave is working on an official statement.
[Update] Monday 6 March 2023 at 01:20 WAT. Flutterwave’s statement said the Fintech Unicorn was not hacked while court documents say otherwise.