In another blow to the financial technology sector, Flutterwave, a prominent player in Nigeria’s digital payment landscape, has been rocked by yet another security breach, resulting in the diversion of billions of naira to multiple undisclosed bank accounts.
This incident is the latest in a series of setbacks for the fintech company, raising concerns about the integrity of its systems and the safety of customer funds.
According to insider sources familiar with the matter, unauthorized transactions amounting to approximately ₦11 billion ($7 million) were illicitly transferred to several accounts during April 2024.
However, other sources suggest the figure could be as high as ₦20 billion ($13.5 million), underscoring the magnitude of the breach.
Flutterwave, responding to inquiries regarding the breach, acknowledged the unauthorized activities but stopped short of confirming the exact amount involved.
In a statement to TechCabal, the company assured the public that no customer funds were lost or compromised, and the confidentiality of customer data remained intact.
The modus operandi of the perpetrators involved transferring the stolen funds to various accounts across five financial institutions over a span of four days.
To evade detection, the transactions were carefully orchestrated to stay below thresholds that trigger fraud checks, highlighting the sophistication of the operation.
Law enforcement agencies have been notified of the breach, and investigations are underway to apprehend those responsible.
Flutterwave has also initiated measures to mitigate the impact of the incident, including temporarily restricting the accounts implicated in the unauthorized transfers.
Industry analysts note that this is not the first time Flutterwave has fallen victim to such security breaches. Over the past fourteen months, the company has grappled with multiple incidents of unauthorized transfers, raising serious concerns about the adequacy of its cybersecurity measures.
In October 2023, Flutterwave reported unauthorized transactions totaling ₦19 billion ($24 million), affecting thousands of account holders across 35 banks and financial institutions.
Subsequent breaches in March and February 2023 saw millions of naira diverted to numerous bank accounts, further exposing vulnerabilities in the company’s systems.