Flutterwave Hit by Major Security Breach, Billions Diverted to Multiple Bank Accounts

Paige Henley
Paige Henley Editor
Published on: May 20, 2024
Paige Henley Paige Henley
Published on: May 20, 2024 Editor

In a significant setback for Nigerian fintech company Flutterwave, a major security breach in April 2024 allowed unknown individuals to divert billions of naira to several bank accounts. This incident follows closely on the heels of a court order obtained by Flutterwave to recover $24 million lost to unauthorized POS transactions.

The unauthorized transfers amounted to ₦11 billion ($7 million), according to a financial services insider with direct knowledge of the situation. Another insider claimed the amount involved was at least ₦20 billion ($13.5 million).

Flutterwave acknowledged the breach in a statement to TechCabal, noting that the company had detected “unauthorized activities inconsistent with usual customer behavior on one of our platforms used by a small subset of our customer base.” Despite the substantial financial impact, Flutterwave emphasized that “no customer funds were lost or compromised, and the confidentiality of our customers’ data remains intact.”

The breach, which saw the stolen funds dispersed across multiple accounts in five financial institutions over four days, likely went undetected due to the perpetrators keeping deposits below the limits that would trigger fraud checks. The incident has been reported to law enforcement, and investigations are underway, said a source who wished to remain anonymous.

Financial services executives confirmed the breach and indicated that Flutterwave had reached out to request KYC details of the accounts involved. These accounts have since been temporarily restricted.

Unlike typical breaches where funds are transferred to the accounts of numerous unsuspecting users, this incident appears to involve an organized network. The perpetrators used a closed-loop method, transferring money to random accounts that then transferred it back to the original beneficiary accounts, effectively masking the money trail.

As Flutterwave grapples with this latest security breach, the fintech sector is reminded of the constant vigilance required to protect financial systems from increasingly sophisticated cyber threats.

About the Author
Paige Henley
Published on: May 20, 2024

About the Author

Paige Henley is an editor at SafetyDetectives. She has three years of experience writing and editing various cybersecurity articles and blog posts about VPNs, antivirus software, and other data protection tools. As a freelancer, Paige enjoys working in a variety of content niches and is always expanding her knowledge base. When she isn't working as a "Safety Detective", she raises orphaned neonatal kittens, works on DIY projects around the house, and enjoys movie marathons on weekends with her husband and three cats.