Nigerian fintech company, Flutterwave, has denied reports of a hacking incident that allegedly led to the theft of over ₦2.9 billion ($6.3 million) from its account.

The company’s Head of Branding and Storytelling, Yewande Akomolafe-Kalu, said that a merchant’s account had been compromised, but claimed that no user lost any funds.

After observing some unusual transactions on users’ profiles, the company launched a review which revealed that some users who had not activated recommended security settings were more susceptible to security breaches.

Flutterwave has reportedly filed a motion to freeze accounts in over 27 financial institutions in Nigeria, in an attempt to freeze some of the illegally transferred funds.

Multiple reports claim that hackers have stolen more than $4.2 million from Flutterwave – an African fintech company providing payment infrastructure for global merchants and payment service providers across the continent.

According to a report, Flutterwave, the African fintech unicorn based in Nigeria, might have lost ₦2.9 billion (approx. $4.2 million) in a hack that happened in mid-February.

Flutterwave is currently seeking to retrieve some of the stolen funds.

Flutterwave first reported the alleged hack to the Deputy Commissioner of Police, State Criminal Intelligence Department, Yaba Lagos, through legal counsel Albert Onimole.

After conducting thorough investigations, S.A. Adedesin, the Legal Officer and State CID, filed a suit (MISC/MC4/181/23) on February 27, at the Magistrate Court of Lagos (Yaba Magisterial District sitting at Yaba) to support Flutterwave’s hack claims.

According to data submitted, the hack involved 28 accounts in 63 transactions – Flutterwave is now seeking to freeze accounts where some of the money was transferred.

Some financial institutions involved include Access Bank, Providus Bank, Union Bank, Keystone Bank, PalmPay, First City Monument Bank (FCMB), Kuda Bank, Zenith Bank, and First Bank of Nigeria.

Others include Guaranty Trust Bank (GTB), United Bank for Africa (UBA), Polaris Bank, Wema Bank Union Bank, Sterling Bank, Ecobank, Paycom, Fidelity Bank, Eyowo, Stanbic IBTC Bank, Opay, VFD Microfinance Bank, Carbon, Moniepoint, Al-Hayat Microfinance Bank, PiggyVest and Nomba (previously Kudi).

Flutterwave Freezes The Stolen Funds

Fortunately, the Magistrate Court of Lagos has ruled in favor of Flutterwave and the fintech firm has successfully frozen most of the accounts involved in the recent hack.

While commenting about the recent hack, a Twitter user, who received some of the acclaimed fraud money claimed:

“I got a mail from my bank saying I’m a 4th beneficiary to this acclaimed fraud money. This was after over five days after a successful trade. My account is locked 🔒 can’t access the fund inside. Pls is this right? It’s unfair. I have zero business with flutter wave or the hack.”

In the meantime, investigations of the recent hack are ongoing. According to most tweets, the stolen funds were distributed across several accounts, some of which may or may not have anything to do with the hack.

In a statement of their own, Flutterwave has claimed that they were not hacked and no users lost any funds:

We want to reassure you that Flutterwave has not been hacked. As a financial institution, we monitor transactions through our transaction monitoring systems and 24-hour fraud desk and review any suspicious activity. We collaborate with other financial institutions and law enforcement agencies to keep our ecosystem safe and secure.

During a routine check of our transaction monitoring system, we identified an unusual trend of transactions on some users’ profiles. Our team immediately launched a review (inline with our standard operating procedure), which revealed that some users who had not activated some of our recommended security settings might have been susceptible.

We want to confirm that no user lost any funds, and we take pride in the fact that our security measures were able to address the issue before any harm could be done to our users.