Flutterwave has registered itself as one of Africa’s most prominent fintech unicorns and an African tech poster child. But over the last year, it has had to sail through stormy waves of worrisome controversies. And just when we thought the storm was over, a fresh episode opened.

The latest chapter in Flutterwave’s fraught history sees the fintech unicorn in the throes of yet another storm, this time as the victim of a major hack. According to a report by TechPoint Africa, an eye-watering ₦2,949,557,867 has been illegally siphoned from Flutterwave’s accounts.

Flutterwave’s legal counsel, the illustrious Albert Onimole, notified the Deputy Commissioner of Police, State Criminal Intelligence Department, Panti, Yaba, Lagos, on February 19th, 2023, about the matter at hand. In his accompanying letter, Onimole explicated that the malevolent hackers successfully infiltrated Flutterwave’s accounts roughly two weeks earlier, on February 13th. Reportedly, the pilfered money was originally relocated to twenty-eight different accounts via sixty-three separate transactions.

While the incident was dutifully reported to the police on February 13th, 2023, along with the complete list of accounts that had received the money, it appears that the police could not promptly freeze the funds. In his letter, Onimole holds some commercial banks culpable for the regrettable state of affairs as these banks allowed the funds to be transferred to other accounts, thereby broadening the money trail.

S.A. Adedesin, the Legal Officer of the State CID, Panti, Yaba, Lagos, filed a motion ex-parte (MISC/MC4/181/23), dated February 27th, in the Magistrate Court of Lagos (Yaba Magisterial District sitting at Yaba) to advance Flutterwave’s claims and further investigate accounts harbouring the stolen funds across various financial institutions in Nigeria. Apparently, the motion was granted in Flutterwave’s favour.

The lawsuit (MISC/MC4/181/23) is between the Commissioner of Police and a long list of financial institutions, including top lenders like Access Bank, Zenith Bank and 25 others.

But that’s not where it ends.

Although there are no documents to confirm if the court has ruled in favour of Inspector Micheal’s motion, some people have come forward to corroborate that their accounts have been frozen in connection to the hack.

A (now suspended) Twitter user stated, “I got a mail from my bank saying I’m a 4th beneficiary to this acclaimed fraud money. This was after over five days after a successful trade. My account is locked 🔒 can’t access the funds inside. Pls is this right? It’s unfair I have zero business with flutter wave or the hack.”

As per the motion filed by Adebesin, 107 accounts, including the fifth beneficiaries of those accounts, are to be placed on lien/Post-No-Debit (PND).

Since the stolen funds have been disbursed across several accounts that may or may not have anything to do with the hack, it is unclear at this time who perpetrated the hack on Flutterwave.

Queries about how the hackers managed to bypass Flutterwave’s security and what implications this will have on the unicorn’s customers continue to linger.

However, Flutterwave is dismissing the notion of a hack, stating, “We identified an unusual trend of transactions on some users’ profiles. Yet, that hasn’t been enough to quell people’s worries. Some users are insisting that a hack did happen and their accounts are locked.

The case is still developing. But whichever way you choose to see it, there’s no doubt that something grand happened at Flutterwave. And a frilly press statement might not be enough to dispel people’s concerns.

Elsewhere on Ventures

Triangle arrow