5 Biggest Hacks, Fraud Cases of 82.4 Billion Between 2023, 2024

In recent years, Nigeria’s financial institutions have found themselves at the epicenter of increasingly sophisticated fraud cases and cyber attacks. One such glaring example unfolded with GTBank, one of Nigeria’s banking giants, which experienced a severe security breach.

Cybercriminals are suspected of compromising GTBank’s domain address, leading to a temporary shutdown of its main website. 

The breach not only disrupted the bank’s online services but also exposed potential vulnerabilities in its cybersecurity framework, which could be exploited to access sensitive customer data. 

This incident forms a concerning backdrop to a broader narrative of financial security challenges within the region, prompting a deeper examination of the most significant fraud cases that have hit Nigerian banks between 2023 and 2024.

1. First Bank’s Monumental Fraud

Year: 2023
Estimated Loss: ₦40 billion ($29 million)

In what was one of the largest fraud cases in Nigerian banking history, First Bank suffered a massive internal breach. An employee managed to divert ₦40 billion into various personal accounts, including one belonging to his wife. The discovery came to light after a vigilant customer noticed unauthorized transactions and alerted the bank. 

This incident has since opened up a Pandora’s box of questions regarding internal security measures and employee vetting processes at First Bank. The bank’s response was swift, involving legal actions to freeze the involved accounts and an internal overhaul to tighten security.

2. Flutterwave’s Double Whammy: Unauthorized POS Transactions

Year: 2023
Estimated Loss: $24 million

Flutterwave, a renowned player in the fintech arena, faced a severe setback when unauthorized POS transactions led to a loss of $24 million. The fintech company, responding to the crisis, obtained a Mareva injunction that allowed for the freezing of funds across over 6,000 accounts spanning 35 banks and financial institutions. 

This incident not only highlighted vulnerabilities in digital payment systems but also underscored the critical need for stringent operational controls. Flutterwave’s immediate response included enhancing its KYC protocols and strengthening its technical infrastructure to prevent future occurrences.

3. April’s Flutterwave Security Breach

Year: 2024
Estimated Loss: ₦11 billion ($7 million)
April 2024 saw Flutterwave grappling with another significant breach. Hackers orchestrated a well-planned intrusion that siphoned around ₦11 billion, potentially as high as ₦20 billion, according to insider estimates. 

The cyber-attack was sophisticated, involving multiple transactions routed through various financial institutions to obscure the trail. This breach was a stark reminder of the persistent and evolving threats in cyber-security, prompting Flutterwave to reassess and fortify its security measures.

4. Flutterwave’s Early 2023 Hack

Year: 2023
Estimated Loss: ₦2.9 billion ($6.3 million)
The year started on a grim note for Flutterwave as it encountered a hack in which ₦2.9 billion was illicitly transferred from its coffers. The fraud was spread across 28 commercial banks, indicating a broad and well-coordinated attack. 

Flutterwave’s initial denial of the incident turned into an acknowledgment as they collaborated with law enforcement and banking partners to trace and recover the funds. This incident was a critical learning point for the fintech giant, leading to improved monitoring and immediate response strategies.

5. Flutterwave and the Cryptocurrency Theft

Year: 2023
Estimated Loss: ₦450 million
In a related and later incident in the same year, Flutterwave faced another security challenge involving cryptocurrency transactions totaling ₦450 million. 

The breach was linked to the earlier multi-billion naira hack, with detained individuals revealing that the stolen funds included substantial amounts converted to cryptocurrency and sold to a foreign merchant. 

This highlighted the vulnerabilities associated with digital currencies and the need for enhanced security protocols in cryptocurrency transactions.