In a shocking revelation, Nigerian fintech companies have fallen prey to a relentless onslaught of cyberattacks, resulting in collective losses of over ₦5 billion in just eight months. These devastating breaches have not only raised questions about the security of the industry but have also unveiled a disturbing surge in insider involvement in financial crimes.
The digital battlefield for these fintech firms intensified as hackers and fraudsters, employing both advanced tactics and insider complicity, exploited vulnerabilities in the systems. Even well-secured payment platforms were compromised when interconnected with sister fintechs that lacked sufficient cybersecurity measures.
According to a report by Nairametrics, the escalating wave of fraudulent activities in the Nigerian financial sector is primarily attributed to the increasing prevalence of insider involvement, a challenge that has left fintech companies struggling to strengthen their defense mechanisms.
Darlington Onyeagoro, CEO of one of Nigeria’s leading digital banks, Aladin, shared a distressing account of how hackers infiltrated a Nigerian fintech, making off with over ₦800 million.
What is particularly disconcerting is the revelation that insiders may have played a crucial role in these fraudulent activities, raising profound concerns and posing a formidable challenge for fintech firms across Nigeria. Furthermore, the breaches have exposed a troubling trend: attacks on sister fintech platforms that, when compromised, could compromise even the most secure payment platforms due to their interconnected nature.
The most recent victim, the popular crypto platform Patricia, has been grappling with payment disruptions following a significant loss of funds to hackers. Patricia had to suspend withdrawals after revealing the compromise of Bitcoin and naira assets, resulting in an undisclosed financial loss estimated at approximately $2 million.
However, Hanu Fejiro, the platform’s founder and CEO, has assured customers that reimbursement will commence on November 20, 2023.
Similarly, Flutterwave, another prominent fintech company, faced a hacker assault earlier this year, resulting in the theft of approximately ₦2.9 billion in customer funds. While the platform encouraged users to activate security protocols and protect their funds, it refrained from disclosing the exact extent of the loss.
Shockingly, details of the hack only came to light through court documents, revealing a petition by Flutterwave’s legal counsel to the police, seeking assistance in freezing 107 bank accounts across 27 banks to recover the stolen funds.
This concerning trend of fintech breaches reflects a broader issue in the financial sector. According to the Financial Institutions Training Centre (FITC) Fraud and Forgeries Report, Nigerian commercial banks also suffered significant losses, amounting to ₦5.79 billion due to fraudulent activities in the second quarter of 2023.
This staggering figure represents a remarkable 1,125.03% increase compared to the ₦472 million lost in the first quarter of the year. The report also highlights the alarming rise in insider involvement, with insider activities surging by 20.55% during the second quarter of this year.