Serious questions are being raised about cybersecurity lapses in Nigeria’s banking sector after three men accused of masterminding a ₦60,479,480 cyber heist from Lotus Bank were granted bail by a Federal High Court sitting in Lagos.
The suspects, Mohammed Abubakar, Isiyaka Hussein, and Musa Mohammed, allegedly breached the bank’s core banking system, siphoning tens of millions of naira through fraudulent electronic transfers.
Justice Friday Ogazi admitted each defendant to bail in the sum of ₦30 million, with one surety in the same amount.
The surety, according to the court, must either be a property owner within the court’s jurisdiction or a civil servant not below Grade Level 12 in a state or federal ministry.
Their bail applications, moved by defence counsel I. S. Ishola and J. C. Obajunwan, were not opposed by the prosecution, led by Y. M. Bello, who told the court that bail remained at the court’s discretion but urged that conditions be strict enough to ensure attendance at trial.
The three men were arraigned in September 2025 by the Police Special Fraud Unit (PSFU), Ikoyi, on a six-count charge bordering on cybercrime, conspiracy, and money laundering.
They pleaded not guilty to all counts under Charge No. FHC/L/768c/2025.
Read Also: Fraud Charges: Obanikoro’s Son, Four Others to Face Trial on February 27
According to the charge sheet, the defendants and others still at large allegedly hacked into Lotus Bank’s core banking application on September 17, 2024, modifying transaction data and diverting funds into multiple private accounts.
Investigators allege that the cyberattack exploited internal access vulnerabilities, allowing funds to be transferred without corresponding debit alerts, an indication of a significant systems compromise within the bank’s digital infrastructure.
The alleged offences contravene multiple laws, including:
* Sections 27(b), 14(4), and 16(1) of the Cybercrimes (Prohibition, Prevention, etc.) Act, 2024,
* Section 18(2)(d) of the Money Laundering (Prevention and Prohibition) Act, 2022,
* Section 383(2)(a) of the Criminal Code Act.
Each count carries severe penalties for computer-related fraud and unlawful modification of banking data.
The prosecution claims that part of the stolen funds ₦25 million, was traced to Lotus Bank accounts under the names Mohammed Khalid Abubakar and Aishat Talatu Jibrin, among others.
The case has been adjourned to late January 2026 for trial.
The incident has once again spotlighted the growing threat of cyberattacks targeting Nigerian banks, raising concerns about internal control weaknesses and the urgent need for stronger cybersecurity frameworks in the financial sector.
