A Federal High Court in Lagos has mandated 54 banks to immediately return over N9.3 billion stolen by hackers from an unnamed old generation bank, following a successful ex parte motion

[dropcap]J[/dropcap]ustice Deinde Dipeolu of the Federal High Court in Lagos has delivered a landmark judgment, ordering 54 banks to immediately return a total of N9,329,322,870 that was fraudulently transferred by hackers from an unnamed old generation bank. The ruling came on April 15, 2025, following an ex parte motion filed in suit number FHC/L/CS/629/2025.

Also read: Nigerian Banks clear USSD debt, prevent service disruption

The court has directed the 54 financial institutions to immediately place a Post No Debit (PND) restriction on all accounts that received the stolen funds.

Furthermore, the banks are mandated to commence the immediate return of all recoverable funds to the originating bank.

According to the plaintiff bank’s report, its core banking system was breached on March 23, 2025, leading to unauthorized debits from numerous customer accounts.

The total amount stolen exceeded N9.3 billion and was subsequently dispersed across accounts held in the 54 implicated financial institutions.

Upon discovering the security breach, the affected bank promptly alerted the receiving institutions and initiated a tracking process for the disbursed funds.

Investigations revealed that the funds were transferred in multiple tranches from the originating bank into primary accounts before being further rerouted to secondary and tertiary beneficiary accounts.

The stolen funds belong to the plaintiff and not the customers of the respondent banks,” Justice Deinde Dipeolu ruled, ordering the full restitution of the N9.3 billion.

Justice Dipeolu’s ruling requires the implicated banks to provide comprehensive details of the accounts involved, including current balances and the amounts that have already been transferred out.

The judge further ordered the immediate return of all funds that can be recovered to the plaintiff bank.

In addition to the financial restitution, the court has instructed the 54 banks to share complete customer data related to the fraudulent transactions, including the names of account holders and the destination accounts of the transfers.

The PND restrictions on the receiving accounts are to remain in place until the full amount of the fraudulently transferred funds is recovered, limited to the specific amount each account received.

Justice Dipeolu clarified the scope of the ruling, emphasizing that it applies strictly to the funds that were erroneously transferred due to the cyberattack and does not affect any other legitimate customer deposits held within the respondent banks.

“For the avoidance of doubt and for clarity, the order is only in respect of funds erroneously transferred and sums salvaged,” the ruling stated.

Concluding the judgment, Justice Dipeolu affirmed the court’s authority to order full restitution, stating unequivocally that the stolen funds “belong to the plaintiff and not the customers of the respondent banks.”