Over Sh500 million was stolen from a local bank in a sophisticated cyber scheme. This has been revealed by the Financial Reporting Centre in its annual report dubbed Money Laundering and Terrorism Financing Trends and Typologies Report 2025.
According to the report, the commercial bank that has been anonymously identified as ‘XYZ Bank’ had contracted three merchants to install and maintain a 3D Secure integration system for cardholders.
This security system was supposed to be 3D secure with a feature that would be issuing One Time Pin (OTP) authentication code to the card holders for transaction authentication.
However, the contracted merchants altered the process by downgrading the system to a 2D secure feature that did not need to issue OTP authentication codes. “The contractors thereafter initiated customer wallets which required no customer authentication,” the report stated.
Through this scheme, a total of USD 4 million [equivalent to Sh516.8 million at an exchange rate of 129 to the US dollar] was stolen from the customer wallets.
DCI: How Esther Bitutu Kadiki siphoned Sh1.5 billion from Equity Bank
These funds were then diverted and settled into the account of one of the contractors in another bank that was anonymously identified as ‘JKA bank’ by the report. “Thereafter, the funds were utilized through the purchase of USDT (Tether) in different crypto exchanges. They were then transferred to a common USDT address,” the report stated.
The revelations by the Financial Reporting Centre come amidst incidents that occurred in 2024 in which prominent local banks lost millions of cash through elaborate heists.
For instance, a court case involving Equity Bank and a former employee who was identified as Geoffrey Kiragu shows that the bank lost millions through unauthorized transfers that were allegedly conducted by the employee between May 17, 2024 and June 14 2024. These funds were then deposited into the accounts of eight companies.
These companies included Ubahashi Traders Limited, Calabash Adventures Limited, Jahnur Investment, Kariye Investment, Flowerish International, Kariye Salah Ali, Hotho Investments, and Sasa Pay Trust.
In the same 2024 year, Absa Bank Kenya recovered Sh227 million that had been lost through incidents of banking fraud. This recovery was done in the financial year ended December 31, 2024. In the same financial year, the bank stopped the loss of an estimated Sh334 million that was attempted at the bank.
The Sh227 million that the bank recovered was seven times more than the Sh32 million that the bank had recovered in the previous 2023 financial year. In that financial year, the bank had stopped the loss of an estimated Sh498 million.
Did you love the story? You can also share YOUR story and get it published on Bizna Click here to get started.