Africa’s leading payments technology company, Flutterwave, has been embroiled in another security breach, with N11 billion ($7 million) reportedly siphoned from its accounts by unidentified perpetrators.
Techcabal reports reveal that the breach occurred in April 2024, marking the fourth such incident in the last 14 months for the financial giant.
An inside source, purportedly a senior staff member, disclosed the breach, highlighting that the illicit transfers involved approximately N11 billion. However, conflicting reports suggest the amount could be as high as N20 billion ($13.5 million).
Flutterwave acknowledged the breach, stating, “In April, we detected unauthorized activities inconsistent with usual customer behavior on one of our platforms used by a small subset of our customer base.” The company assured that no customer funds were compromised and that the confidentiality of customer data remained intact.
The method of the cybercriminals involved transferring funds to various accounts, orchestrating a complex web of transactions to obfuscate the movement of illicit funds. This tactic often involves exploiting unsuspecting users and leveraging social engineering techniques.
This recent breach follows previous incidents where Flutterwave lost huge sums to unauthorized transactions. In February 2023, N2.9 billion was diverted to numerous bank accounts, followed by N550 million in March 2023. Additionally, in October of the same year, approximately N19 billion was illegally transferred across 6,000 accounts in various banks and financial institutions.
Flutterwave has engaged law enforcement agencies and initiated investigations. They have also requested Know Your Customer (KYC) details for the accounts involved, which have been temporarily restricted.
