A suspected cyber fraudster has been arrested and arraigned in court over a sophisticated Sh11.4 million cyber heist that targeted a leading microfinance institution in Kenya. The case, investigated by detectives from the Banking Fraud Investigation Unit (BFIU), exposes a carefully executed system breach involving hidden transactions, deleted logs, and malicious software.
The accused, Seth Mwabe Okwanyo, also known as Seth Onyango Odhiambo, appeared in court and pleaded not guilty to multiple cybercrime and money laundering charges. He was later released on bail as investigations continue.
According to investigators, the fraud incident dates back to July 16, 2025, when unusual activity was detected within the institution’s transaction systems. A forensic review revealed that 38 fraudulent transactions had been executed in a single day, leading to a total loss of Sh11,410,165. What alarmed investigators most was that although the transfers appeared successful to the recipients, they were missing from the institution’s internal transaction records.
This discrepancy prompted a deeper technical audit, which uncovered signs that system and database logs had been deliberately erased to conceal the activity. Cyber forensic experts also discovered that an unauthorised Java application had been secretly installed within the system. Detectives believe this malicious tool was used to manipulate transaction processes, bypass internal controls, and move funds without detection.
Authorities further allege that part of the stolen money was later laundered through a network of accomplices using layered transfers to obscure the trail.
In court, prosecutors charged the suspect with unauthorised access to a computer system, computer fraud, and money laundering, covering a total of 20 counts. The court granted bail set at Sh1.5 million bond or Sh500,000 cash bail, and scheduled the case for mention on March 3, 2026.
Investigators say the case highlights the rising threat of cyber fraud against financial institutions in Kenya, especially attacks that combine system intrusion with transaction masking techniques. Financial organizations are being urged to strengthen digital security controls and continuous system monitoring to guard against similar breaches.
.
.webp)
