How hackers stole a record $12m from Kenyan banks in 2024 heist

FILE PHOTO: Figurines with computers and smartphones are seen in front of the word "hacker" in this illustration taken, February 19, 2024. REUTERS/Dado Ruvic/Illustration/File Photo

Source: X02714

Internet hackers stole a record Sh1.59 billion ($12 million) from Kenyan banks last year, exploiting weaknesses in mobile and online banking in what regulators say is the country’s biggest cyber heist to date.

A new report from the Central Bank of Kenya (CBK) shows losses quadrupled from Sh412 million in 2023 (approximately $2.8 million), largely due to fraudulent wire transfers and sophisticated scams targeting mobile banking systems, Business Daily reports.

The criminals siphoned over Sh810.68 million ($6.1m) through mobile banking alone, deploying tactics like SIM swaps, phishing, malware, and identity cloning. The figure represents a 344 percent jump from the previous year, accounting for more than half of all money stolen.

The CBK noted that many of the scams happened late at night, often on weekends, when unsuspecting revellers were tricked into revealing passwords. Millennials, those born between 1981 and 1996, were identified as the most vulnerable group.

Overall fraud cases more than doubled, rising from 173 in 2023 to 353 in 2024. Losses from card fraud, computer hacks, online banking scams, and identity theft all surged, pushing total exposed funds, the amount criminals targeted before banks clawed some back, to nearly Sh2 billion ($15m).

The Bank further noted that card fraud cost customers Sh263.3 million, up nearly 17 times from the previous year, while computer hacking drained Sh203.4 million, almost triple the 2023 figure. Identity theft grew sixfold to Sh199 million.

While banks recovered about Sh368 million, insurers now warn of spiralling risks. Some banks are paying as much as Sh400 million annually in premiums to cover cyber thefts.

“The motivation of cyber criminals targeting financial institutions is financial gain. Cyber fraud was prevalent in the banking sector in 2024, with reported cases rising from 157 in 2023 to 353 in 2024, and the mount exposed increasing from Sh680.9 million to Sh1.9 billion,” the bank noted, adding, “Perhaps the most significant and emerging operational risk facing the financial sector is associated with the rapid adoption of financial technologies,” the CBK warned.

The Communications Authority of Kenya reported that cyberattacks in the country more than doubled to 7.96 billion attempts in the year to June 2025, with system attacks accounting for 97 percent of the threats.

This story is written and edited by the Global South World team, you can contact us here.

Portia Etornam Kornu [email protected]