Flutterwave Allegedly Loses N11 billion in Security Breach

Nigeria’s Fintech company Flutterwave is reported to have lost N11 billion to a security breach that occurred in April 2024.

Reports disclosed that perpetrators of the breach illegally transferred the sum to several accounts in small amounts to avoid triggering fraud checks.

Two executives in the financial services industry confirmed the incident, noting that  Flutterwave reached out to request KYC details of the accounts involved. They also claimed that the accounts related to the incident have been temporarily restricted.

Flutterwave confirmed that the incident occurred in April when it detected unusual activities on one of its platforms used by a small number of customers for specific business transactions. This prompted them to swiftly inform the law enforcement agencies to provide the IP address and details of the offenders.

Addressing the security breach, Flutterwave said customers’ funds remain safe amid concerns about a breach on its system. The company further disclosed that it had successfully blocked an attempted network intrusion and reported offenders to security agencies.

It added that its security stopped the breach before customer funds were impacted. The company noted that it has informed the Central Bank of Nigeria (CBN) about the incident. With this development, the company said it would undertake improvements on its platform and move users to another platform to ensure business continuity for customers.

Commenting on the incident, FlutterWave’s Head of Information and Security, Nujinim Egwegbete-Odukwu, said,

“As leaders, we continue to invest heavily in our security infrastructure to ensure customers continue to remain safe as they transact using Flutterwave. As a proactive step to strengthen security, we are enhancing safety features on the affected platform and will be migrating some of our customers to another platform to ensure they can benefit from the security enhancements. We will continue our advocacy for ecosystem-led system initiatives that will help in fighting security threats in the digital ecosystem across Africa.”

In line with this, Flutterwave has further advised its customers to take advantage of the security measures available while using its platform, as they also have a role to play in ensuring the best personal security practices.

This is the fourth incident of unauthorized transfers at Flutterwave after the first incident in a February 2023 breach, where N2.9 billion was diverted to 107 bank accounts in 27 banks, according to court documents. In March 2003, about 107 bank accounts in 27 banks received N550 million. In October 2023, about 6,000 account holders across 35 banks and financial institutions received N19 billion ($24 million) illegally transferred through unauthorized transactions by POS merchants.

These fraudulent incidents highlight the challenges fintech companies face in safeguarding their platforms against sophisticated cyber threats, even as they continue to innovate and expand their services.

There is no disputing the fact that rising cases of fraud in Nigerian fintechs have become a significant concern, posing serious threats to the sector’s growth and reputation. As fintech companies continue to innovate and expand their services, they are increasingly becoming targets for sophisticated cybercriminals.

Several high-profile incidents have highlighted the vulnerabilities within the industry. For instance, the alleged loss of $40 million by Interswitch to chargeback fraud, and Flutterwave recent loss of N11 billion, amongst others.

Despite swift action to mitigate the damage and reassure customers of safety, such incidents can undermine trust and confidence in such companies. Therefore, to combat this trend of growing fraud, Nigerian fintechs must invest heavily in robust security infrastructure and continuous monitoring systems to detect and prevent fraudulent activities.