Alleged security breach leaves millions of dollars missing from Flutterwave accounts

Last month, Flutterwave, Africa’s largest startup by private valuation, was involved in a hack that resulted in more than ₦2.9 billion (~$4.2 million) missing from its accounts, according to local tech publication Techpoint Africa.

According to the documents seen by the publication and reviewed by TechCrunch, unknown actors transferred the funds across 28 accounts in 63 transactions in early February. Police investigations are ongoing as Flutterwave, via legal counsel and law enforcement parties, has filed a motion and seeks to freeze accounts across 27 financial institutions that interacted with the missing funds, Techpoint Africa reported.

Several tweets regarding the alleged hack have also come up over the weekend. Some provided information about the hack, while others complained about frozen accounts that might be related to the hack. According to Techpoint Africa, the motion filed that 107 accounts, including the fifth beneficiaries of those accounts, are to be placed on lien/Post-No-Debit (PND). This directive restricts bank customers from withdrawing funds from their accounts.

The cause and method of the attack remain unclear. However, one of the postulations from online commentary is that the hack might have been socially engineered, meaning that merchants’ keys were compromised, allowing the hackers to access the monies in their Flutterwave accounts.