In a significant development, a Federal High Court in Lagos has issued a ruling compelling 54 banks to return the sum of N9.3 billion that was fraudulently transferred in a cybercrime incident originating from an unnamed old-generation bank. The judgment, delivered by Justice Deinde Dipeolu on April 15, 2025, came as a response to an ex parte motion filed in suit number FHC/L/CS/629/2025.
The court’s directive mandates all financial institutions involved in the cyberattack to place a Post No Debit restriction on all recipient accounts and initiate the immediate return of available funds to the affected bank. The incident in question took place on March 23, 2025, when the plaintiff bank’s core banking system was compromised in a cybercrime attack, resulting in unauthorized debits from multiple customer accounts totaling N9,329,322,870. The stolen funds were subsequently distributed across accounts in 54 financial institutions.
Upon discovering the attack, the originating bank promptly notified all implicated financial institutions and commenced investigations to trace the disbursements. It was revealed that the funds were transferred in multiple batches from the originating bank to primary accounts before being further distributed to secondary and tertiary beneficiaries’ accounts.
The court ruling stipulated that all affected banks must provide detailed information on the involved accounts, including balances and amounts already transferred. Additionally, comprehensive customer data related to the transactions, such as names and destination accounts, must be disclosed. The judgment ordered the immediate return of all recoverable funds to the plaintiff bank and instructed that restrictions be maintained on all accounts that received portions of the funds until full recovery is achieved, limited to the amount each received.
Emphasizing the specificity of the ruling, the court clarified that it pertained solely to erroneously transferred funds and did not encroach upon other customer deposits in any way.
This latest incident underscores the escalating prevalence of cybercrime targeting Nigerian banks, despite ongoing efforts by financial institutions to enhance their systems and operations through core banking upgrades. Reports from Check Point Software Technologies, a cybersecurity platform provider, indicate that Nigeria’s banking and financial sector faces approximately 4,718 cyberattacks weekly.
Furthermore, a 2024 African Perspectives on Cyber Security Report highlighted Nigeria’s vulnerability to cyberattacks, ranking the country 19th globally in terms of attack frequency as of July 2024. The Nigeria Inter-Bank Settlement System revealed that over 80,658 bank customers fell victim to fraudsters in 2023, resulting in losses amounting to N59.33 billion between 2019 and 2023.
The Economic and Financial Crimes Commission (EFCC) has expressed alarm over the rising incidence of cybercrime in Nigeria, noting that it accounted for a significant portion of the 3,455 cases recorded between H2 2023 and H1 2024, with losses amounting to $500 million in 2022.
To address the growing threat of cybercrime, the EFCC is establishing a Cybercrime Research Centre in collaboration with a local fintech company. The initiative aims to train young Nigerians in cybersecurity and cybercrime research to bolster the nation’s defense against such malicious activities.
In a bid to fortify Nigeria’s digital infrastructure, the National Security Adviser, Malam Nuhu Ribadu, disclosed that the government has made substantial progress in developing AI programs with the assistance of local vendors. Ribadu stressed the importance of adopting AI to enhance digital security and safeguard the country’s digital assets against potential threats.
In conclusion, the court’s ruling on the return of fraudulently transferred funds signals a crucial step in combating cybercrime in Nigeria’s financial sector. It underscores the pressing need for enhanced cybersecurity measures and collaborative efforts to mitigate the ever-growing threat posed by cybercriminals.