HabariPay, the fintech subsidiary of Guaranty Trust, has begun a legal process to recover ₦1.1 billion (*$1.1 million) erroneously sent to several thousand account holders in 2023. On Wednesday, a federal high court in Lagos granted an application for over 40 financial institutions to restrict accounts that received those funds.
The fintech lost the money after it mistakenly credited merchants twice. As a condition for lifting those restrictions, affected merchants will be contacted and asked to refund the extra money received.
“Any other account that benefitted or received the double credit transaction” will also be compelled to refund the extra money, said court documents seen by TechCabal. The court documents did not specify how the double credits happened.
One person with direct knowledge of the situation said hackers accessed the fintech’s website using a strategy called race conditioning, which allowed them to trigger simultaneous transactions.
At least one person connected to GTCO claimed the incident resulted from human error.
Before instituting the legal process, HabariPay had begun recovering some of the funds by directly contacting merchants to reverse some of the transactions, one person with knowledge of the situation said.
It only went to court to compel merchants it could not reach independently to also reverse the transactions. Court orders are crucial for financial institutions since they cannot reverse erroneous transactions without legal authorisation.
The fintech’s delay in initiating the court process underscores the slow pace of legal proceedings in Nigeria, a challenge for financial institutions that need to recover lost funds quickly.
Habari Pay’s fraud incident highlights the worrying trend in Nigeria’s financial sector, where financial institutions lost $25.7 million to fraud in the second quarter of 2024—a 1,784.94% jump from the previous quarter.
