Tech news outlet TechCabal has reported that Nigerian payments startup Flutterwave may have experienced a second and third data breach, citing claims from three sources. The possible breaches are believed to have occurred on March 1 and 14, 2023, and follow an incident on February 5, which saw hackers reportedly transfer over ₦2.9 billion from Flutterwave accounts, as reported by Techpoint.
According to evidence shared with TechCabal, the hackers obtained around N550 million from Flutterwave accounts in the second and third incidents, using the stolen funds to purchase USDT from crypto exchange Binance. However, Flutterwave has once again denied that any hack took place, stating that neither the company nor its customers lost any funds.
The company previously denied the first data breach when it was reported. Despite these denials, claims continue to emerge that Flutterwave is in a legal dispute with a number of merchant accounts, seeking to recover millions of dollars from hundreds of users.
The beneficiaries of the first breach have claimed that Flutterwave has filed a forfeiture petition with the courts against them, alleging that they committed the crime without assistance. Speaking to TechCabal, some of the beneficiaries said that they were crypto merchants whose accounts had been blocked in relation to the breach. They claimed that they had jointly fulfilled a USDT request for a Chinese merchant with whom they regularly did business, and that the second and third breaches were also carried out by Chinese hackers.
Flutterwave has responded to the reports of the forfeiture petition, stating that it cannot disclose specific legal actions or ongoing cases due to their sensitive nature. However, the company said that it is collaborating with the relevant authorities and pursuing all available legal options to hold those responsible accountable