Flutterwave Looses N11 Billion Again in Security Breach

Flutterwave, Africa’s foremost payment technology company, has once again been targeted by cybercriminals. This time, an alarming N11 billion was illicitly drained from the company’s coffers, stirring significant concern within the tech community and among its vast user base. 

Despite the breach, Flutterwave reassures that no customer funds have been compromised.

How the breach happened

According to an inside report by Techcabal, a “highly-placed staff” member disclosed that unidentified fraudsters orchestrated a sophisticated scheme in April 2024, transferring a staggering N11 billion ($7 million) to multiple accounts across various financial institutions. This nefarious activity is part of a larger troubling trend affecting the financial giant, which had previously sought legal recourse to recuperate $24 million lost to unauthorized POS transactions in 2023.

“The perpetrators engaged in a complex money trail, transferring funds to random accounts which then circled the money among other accounts, effectively obscuring the origins and flow of the stolen funds,” the insider explained. Despite the intricate maneuvers, Flutterwave has asserted that the integrity of customer funds and data remains uncompromised.

Swift response and ongoing investigations

In response to the breach, Flutterwave was prompt to detect the anomaly through its robust monitoring systems that flagged unusual activities diverging from typical customer behavior. The matter has swiftly been escalated to law enforcement, with investigations currently underway to unravel the full scope of the breach and apprehend those responsible.

Flutterwave’s proactive measures also involved reaching out to other financial institutions to secure the Know Your Customer (KYC) details associated with the accounts involved in the breach. In a statement to Techcabal, Flutterwave emphasized its commitment to securing its platforms against such vulnerabilities. “As is common in the financial services industry, there will always be attempts by bad actors to compromise our systems. We are continually improving our security measures to safeguard our customers’ interests,” the statement read.

Past security breach incident at Flutterwave

The incident marks the fourth major security breach Flutterwave has faced in just over a year, shedding light on the ongoing challenges within the fintech industry in safeguarding against cyber threats. The company has announced plans to further enhance its security protocols and migrate certain customer segments to a more secure platform to prevent future incidents.

Nujinim Egwegbete-Odukwu, Flutterwave’s Head of Information and Security, commented on the breach, stating, “We are steadfast in our resolve to not only address this incident but also to lead by example in fortifying our defenses. Our commitment to our customers’ safety is unwavering, and we will continue to advance our security measures to set industry standards.”

Flutterwave’s Continued Commitment to Security

Flutterwave has reiterated its dedication to maintaining the highest security standards and ensuring the continuity of secure operations for all its users. The company also encourages its customers to utilize the robust security tools provided on its platform, as a collaborative effort to fend off potential security threats.

As Flutterwave navigates through the aftermath of this breach, the incident serves as a critical reminder of the persistent threats looming over the digital financial landscape. With each challenge, Flutterwave reinforces its foundation, determined to shield its community from the evolving tactics of cybercriminals.

Security breaches in other banks, fintech

Cybersecurity breaches have become increasingly common among Nigeria’s financial and technology sectors, shaking the confidence of both corporations and consumers. MTN, the biggest telecom operator in Africa, reported losses of N10.5 billion in 2022 due to cyber attacks. Additionally, now defunct Patricia Technologies Limited, a well-known cryptocurrency exchange, was defrauded of $2 million in depositor funds in January 2022, resulting in a temporary halt of its operations.

The banking sector has not been immune to these challenges. Access Bank, a major Nigerian bank, initiated legal actions in June and July 2023 to recover losses totaling N35 billion stolen by cybercriminals.

In a related development, the Financial Institutions Training Centre (FITC) disclosed in its Fraud and Forgeries report that Nigerian banks incurred losses of N2.09 billion in the last quarter of 2023, with mobile transactions being the primary vulnerability.

Furthermore, despite Flutterwave’s denial of a security breach on March 5, 2023, legal filings later confirmed the fintech firm had approached law enforcement to reclaim N2.9 billion that had been illicitly transferred from its account.