By 
Flutterwave, a leading Nigerian fintech company, has experienced a significant cybersecurity breach in April 2024, resulting in the diversion of billions of naira—estimated between ₦11 billion ($7 million) and ₦20 billion ($13.5 million)—into various bank accounts.
RELATED: Flutterwave adds two new licenses in Rwanda to expand operations in East Africa
This incident follows closely on the heels of a court order the company secured just one month earlier to recover $24 million lost to unauthorized point-of-sale (POS) transactions in October 2023, raising serious concerns about the integrity of its financial security measures.
The source of the breach remains unclear, but it appears to stem from a potential compromise within Flutterwave’s internal systems, which are designed to safeguard and monitor their services.
This latest breach further exacerbates ongoing issues of integrity for Flutterwave, which has faced multiple security breaches in recent times. These include the 2023 unauthorized transfers of $24 million through illegal POS transactions, a diversion of ₦2.9 billion to 107 bank accounts in February 2023, and another breach involving ₦550 million reported in March 2023, according to court documents.
“We acknowledge a potential compromise within our systems” – Flutterwave
Flutterwave has acknowledged the incident, stating in a press release, “We acknowledge a potential compromise within our systems established for safeguarding and monitoring services.”
The company also confirmed contacting financial institutions to obtain Know Your Customer (KYC) details for the accounts suspected of involvement in the unauthorized transfers. These accounts have been flagged and temporarily restricted by the respective banks.
Unlike typical cyberattacks, where hackers move stolen funds through numerous unsuspecting user accounts to obfuscate their actions, reports suggest a more focused strategy in the Flutterwave incident.
Concerned authorities in Nigeria are already investigating the security breaches, with a high possibility of an inside job being considered.
This breach not only raises questions about Flutterwave’s internal security protocols but also underscores the growing need for robust cybersecurity measures in the rapidly evolving fintech sector.
