Millions Of Customer Dollars Missing After Security Breach Occurs At Prominent Financial Institution

Flutterwave, the largest African startup, has potentially lost $4.2 million of its customers' money due to being hacked.

By Brian Scheid | Updated

security breach

Conflicting information has surfaced about Flutterwave and the potential loss of millions of dollars of its customers’ money due to being hacked. Regarding private company valuation, Flutterwave is the largest startup in Africa, and it has been reported that they are currently missing approximately $4.2 million from their customers’ accounts. This security breach occurred in February, and Flutterwave filed a motion to freeze accounts across 27 financial institutions that interacted with the missing funds.

According to techcrunch.com, “unknown actors transferred the funds across 28 accounts in 63 transactions in early February. Police investigations are ongoing.” Tech Crunch cites documents that they had reviewed to validate the claim. However, Flutterwave is telling a completely different story in its press release about the issue. Flutterwave is contending that no security breach caused the loss of millions of customers’ funds.

Instead, they claim it was a problem they discovered during routine monitoring of their transaction system. That monitoring revealed that some customers had not activated some of its recommended security settings, which may have left them susceptible. Several tweets commenting on the alleged attack provided information about how the attack was perpetrated. In contrast, others complained about frozen accounts, which might have been related to the security breach.

According to Techpoint Africa, “the motion (Flutterwave) filed that 107 accounts, including the fifth beneficiaries of those accounts, are to be placed on lien/Post-No-Debit (PND). This directive restricts bank customers from withdrawing funds from their accounts.” With two conflicting stories circulating, the cause and method of the attack remain unclear. What is certain is that something occurred within Flutterwave’s system that has restricted some customers from access to their funds. The company has requested freezing accounts at multiple financial institutions. 

Also mentioned in Flutterwave’s statement is that no customers have lost any funds, which could just be a reference to the fact that they have insurance that would cover customer losses. They assert that the company follows all standard protocols in protecting their customers’ assets in step with all the other financial institutions worldwide. They also ask for their customers’ faith and trust that their funds and information are safe from further security breaches.

Online commentary has been interpreting the information as it has been coming out and is pointing to the security breach being socially engineered. This theory postulates that merchant keys were compromised, allowing the perpetrators to access the monies in those affected customer accounts. With all the eyes of social media and other financial institutions on Flutterwave, the truth about what actually occurred and the impacts of the security breach will eventually come to light.