Last month, Flutterwave, Africa’s biggest startup by private valuation, was reportedly the victim of a hack that led to the loss of over ₦2.9 billion (~$4.2 million) from its accounts, according to local tech publication Techpoint Africa.
The publication reviewed documents that revealed that the funds were moved across 28 accounts in 63 transactions in early February. Investigations by the police are still ongoing, and Flutterwave, through legal counsel and law enforcement parties, has sought to freeze accounts across 27 financial institutions that interacted with the missing funds.
Techpoint Africa reported that the company has filed a motion, and several tweets have also come up over the weekend, alleging the hack and complaining of frozen accounts. The company reportedly seeks to place 107 accounts, including the fifth beneficiaries of those accounts, on lien/Post-No-Debit (PND), a directive that restricts bank customers from withdrawing funds from their accounts.
While the cause and method of the attack are not clear, some online commentary suggests that it might have been socially engineered, indicating that the merchants’ keys were compromised, allowing hackers to access the funds in their Flutterwave accounts.
Flutterwave has denied the hacking allegations through a statement on the matter, but the company’s reputation may still be impacted. The incident underscores the risks of operating in the fintech space, which requires rigorous security protocols to safeguard customers’ financial information.
Nevertheless, Flutterwave’s strong reputation in the African tech ecosystem may help the company bounce back from the hack, as it continues to expand its services across the continent.
Official Response from Flutterwave
At Flutterwave, we understand that our customers’ personal and financial information is of the utmost importance. We take this responsibility seriously and understand that any potential security breach can cause anxiety and concern among our customers.
We want to reassure you that Flutterwave has not been hacked. As a financial institution, we monitor transactions through our transaction monitoring systems and 24-hour fraud desk and review any suspicious activity. We collaborate with other financial institutions and law enforcement agencies to keep our ecosystem safe and secure.
During a routine check of our transaction monitoring system, we identified an unusual trend of transactions on some users’ profiles. Our team immediately launched a review (in line with our standard operating procedure), which revealed that some users who had not activated some of our recommended security settings might have been susceptible.
We want to confirm that no user lost any funds, and we take pride in the fact that our security measures were able to address the issue before any harm could be done to our users.
Our commitment to keeping our users’ financial information safe and secure is why we invest heavily in security initiatives such as periodic audits, certifications, and licenses such as the PCI-DSS & ISO 27001. These are in line with global best practices in information security management.
We want you to continue to trust us and feel secure in using Flutterwave for your business needs. Our commitment is to enable your business growth while keeping your financial information safe and secure.
The Flutterwave Team