₦2.9bn illegally transferred from accounts of Nigerian fintech company Flutterwave

Counsel for Nigerian fintech company Flutterwave, Albert Onimole, reported a case of ₦2,949,557,867 illegally transferred from the company’s account to the Deputy Commissioner of Police, State Criminal Intelligence Department, Panti, Yaba, Lagos.

Flutterwave is a Nigerian fintech company that provides a payment infrastructure for global merchants and payment service providers across the continent.

Reports on Sunday, March 5 indicated that an amount of ₦2,949,557,867 has been illegally transferred from the accounts of Flutterwave.

Per Onimole’s letter, the hack on Flutterwave’s accounts occurred about two weeks ago from February 13.

The money was initially transferred to 28 accounts in 63 transactions.

While the incident was reported to the police on February 13, 2023, with the list of accounts that had received the money, the police could not freeze the funds.

According to Flutterwave, some commercial banks allowed the money to be moved to other accounts, widening the money trail.

To investigate accounts holding the stolen funds across various financial institutions in Nigeria, S.A. Adedesin, Legal Officer, State CID, Panti, Yaba, Lagos, filed a suit in the Magistrate Court of Lagos (Yaba Magisterial District sitting at Yaba) to support Flutterwave’s claims.

The suit is between the Commissioner of Police and the following financial institutions.

1. Access Bank
2. Providus Bank
3. Union Bank
4. Keystone Bank
5. PalmPay
6. First City Monument Bank (FCMB)
7. Kuda Bank
8. Zenith Bank
9. First Bank of Nigeria
10. Guaranty Trust Bank (GTB)
11. United Bank for Africa (UBA)
12. Polaris Bank
13. Wema Bank
14. Union Bank
15. Sterling Bank
16. Ecobank
17. Paycom
18. Fidelity Bank
19. Eyowo
20. Stanbic IBTC Bank
21. Opay
22. VFD Microfinance Bank
23. Carbon
24. Moniepoint
25. Al-Hayat Microfinance Bank
26. PiggyVest
27. Nomba (previously Kudi)

Some persons have confirmed that their accounts have been frozen in connection to the hack, although there are no documents to confirm if the court has ruled in favour of Inspector Micheal’s motion.

A Twitter user said, “I got a mail from my bank saying I’m a 4th beneficiary to this acclaimed fraud money. This was after over five days after a successful trade. My account is locked  can’t access fund inside. Pls is this right? It’s unfair I have zero business with flutter wave or the hack.”

Per the motion filed by  Adebesin, 107 accounts, including fifth beneficiaries of those accounts, are to be placed on lien/Post-No-Debit (PND).

With the stolen funds distributed across several accounts, which, according to tweets, may or may not have anything to do with the hack, it is not clear at this time who hacked Flutterwave.

Questions about how hackers got past Flutterwave’s security and what this means for the unicorn’s customers remain unanswered. We reached out to Flutterwave, and they’ve responded that they’re preparing an official statement on the issue.

Source: 3news.com with additional files from Techpoint Africa