In a landmark ruling aimed at curbing financial cybercrime, Justice Deinde Dipeolu of the Federal High Court in Lagos has ordered 54 Nigerian banks and financial institutions to return the sum of N9,329,322,870 fraudulently diverted by hackers from an unnamed old-generation bank.
The court’s decision, delivered on April 15, 2025, followed an ex parte motion filed under suit number FHC/L/CS/629/2025. The ruling mandates the immediate recovery and return of the stolen funds and enforces a Post No Debit order on all bank accounts suspected of receiving the illicit transfers.
According to court filings, the affected bank discovered on March 23, 2025, that its core banking system had been breached, resulting in unauthorized debits across several customer accounts. The hackers then dispersed over N9.3 billion across multiple accounts in 54 banks, moving the funds through primary, secondary, and tertiary recipients in an elaborate laundering scheme.
The cyberattack is one of the largest financial breaches recorded in Nigeria’s banking sector in recent years, raising renewed concerns about the integrity of digital financial infrastructure and the urgent need for enhanced cybersecurity measures.
In its ruling, the court instructed all 54 banks to trace and recover any funds remaining in the accounts where the fraudulent transfers landed. Justice Dipeolu also ordered the banks to freeze the implicated accounts and provide detailed data on each, including balances, transaction histories, and beneficiary details.
“Each financial institution is hereby directed to file an affidavit disclosing the accounts into which the stolen funds were transferred, including the destination accounts and current balances,” the ruling stated. “For the avoidance of doubt, the order is only in respect of funds erroneously transferred and sums salvaged. It does not affect legitimate deposits or other customer funds.”
The judge reaffirmed the ownership of the funds as belonging solely to the plaintiff bank, not to the customers of the receiving banks, thereby authorizing a full restitution process without contravening standard banking operations or affecting unrelated deposits.
Industry experts are hailing the court’s decision as a vital step toward financial accountability and a strong message to cybercriminals. “This ruling is a wake-up call for Nigerian banks to fortify their cybersecurity frameworks,” said financial analyst Tunde Balogun. “The digital landscape is evolving, and so are the tactics of cybercriminals. A breach of this magnitude should prompt immediate systemic reforms.”
Cybersecurity consultants also emphasized the importance of proactive measures such as real-time fraud detection, multi-factor authentication, and regulatory compliance audits to prevent future breaches.
As the recovery process begins, questions remain about the identities of the hackers and how they managed to bypass the bank’s security protocols undetected. A source close to the investigation revealed that forensic teams are working closely with the Economic and Financial Crimes Commission (EFCC) and the Nigerian Inter-Bank Settlement System (NIBSS) to trace the masterminds and bring them to justice.
The plaintiff bank has so far withheld its name from public disclosure, possibly to protect ongoing investigations or safeguard customer confidence. However, legal experts say the public is likely to demand more transparency as details unfold.