Kenyan Bank Hacked, $4 Million Stolen and Laundered
- XYZ Bank loses $4 million; IT contractors involved.
- Funds moved through offshore wallets and converted to USDT.
- Authorities anticipate arrests in the insider-driven incident.
A Kenyan bank, anonymized as “XYZ Bank,” was hacked, resulting in $4 million stolen by IT contractors. The theft leveraged downgraded security protocols, and the funds converted to USDT, were moved through virtual wallets offshore.
The incident highlights issues with contractor-managed IT systems, showcasing potential risks and challenges for the financial industry. Immediate repercussions for the bank and investigations are underway.
The $4 million cyber theft targeted “XYZ Bank,” facilitated by IT contractors who downgraded security to exploit card protocols, enabling illegal virtual card creation. The Kenyan Directorate of Criminal Investigations leads the investigation. Arrests are imminent.
The stolen funds, converted into USDT, were distributed across multiple offshore wallets. This laundering tactic complicates asset recovery and poses significant challenges for investigators working on the case.
Industry observers note a trend towards insider-driven cybercrime within African financial institutions. Stablecoins such as USDT are increasingly utilized for laundering due to their anonymity and global reach. This reflects a larger global pattern of virtual currencies in illicit activities.
Cybercriminals have been observed to utilise virtual currencies to move their illicitly acquired proceeds. — FRC Report
Technological and regulatory outcomes, including enhanced oversight of IT contracts, are expected. The Kenya Financial Reporting Centre warns of insider threats and emphasizes the risk in outsourcing IT infrastructure. The shift to more secure protocols is urged to prevent future breaches.
