Last month, Flutterwave, Africa’s largest startup by private valuation, was involved in a hack that led to the loss of more than 2.9 billion yen (~$4.2 million) from its accounts, according to local technology publication Techpoint Africa.
According to documents seen by the publication and reviewed by TechCrunch, unidentified parties transferred funds across 28 accounts in 63 transactions in early February. Police investigations are ongoing as Flutterwave, through legal counsel and law enforcement parties, has filed an application and is seeking to freeze accounts across 27 financial institutions that interacted with the missing funds, Techpoint Africa reports.
Several tweets regarding the alleged hack also surfaced over the weekend. some information provided About hack, while others complained About frozen accounts that may be linked to the hack. According to Techpoint Africa, the proposal made that 107 accounts, including the 5th beneficiaries of these accounts, would be placed in custody/after non-deduction (PND). This directive restricts bank customers from withdrawing funds from their accounts.
The cause and manner of the attack remains unclear. However, one of the assumptions of Comment online is that the hack may have been socially engineered, meaning the merchants’ keys were compromised, allowing the hacker to access the funds in their Flutterwave accounts.
Meanwhile, Flutterwave, via a statement on the matter, denied that it was hacked.
At Flutterwave, we understand that our customers’ personal and financial information is of the utmost importance. We take this responsibility very seriously and understand that any potential security breach can cause concern and anxiety among our customers. We want to reassure you that Flutterwave has not been hacked. As a financial institution, we monitor transactions through our transaction monitoring systems and a 24-hour fraud desk and review any suspicious activity. We work with other financial institutions and law enforcement agencies to keep our ecosystem safe.
During a routine check of our transaction monitoring system, we have identified an unusual transactional trend on the profiles of some users. Our team immediately launched a review (in line with our standard operating procedures), which revealed that some users who did not activate some of the recommended security settings could be vulnerable to infection.
We want to assure that no user lost any money, and we take pride in the fact that our security measures were able to address the issue before any harm was done to our users.
Our commitment to keeping our users’ financial information safe and secure is why we invest heavily in security initiatives such as periodic audits, certifications and authorizations such as PCI-DSS & ISO 27001. These align with global best practices in information security management.
We want you to continue to trust us and feel safe using Flutterwave for your business needs. Our commitment is to enable the growth of your business while keeping your financial information safe and secure.
This is a developing story…