Skip to content Skip to sidebar Skip to footer

Patricia breach: 50 Million Naira diversion traced to a governorship candidate. Investigations continue, says the Nigeria Police.

Edison Irabor

Wilfred Bonse, a Rivers State governorship candidate in the last elections, has been arrested by the Nigeria Police Force – National Cybercrime Center (NPF-NCCC) in connection with Patricia security breach. According to the press briefing by the Public Relations Officer (PRO) of the Nigeria Police, ACP Olumuyiwa Adejobi, Force Headquarters, Abuja FCT, on 24 November 2023, the case is a “complex financial fraud”. Mr. Bonse, the arrested suspect, was the governorship candidate of the New Nigeria People’s Party (NNPP) at the last Rivers State Gubernatorial Election, 2023. Is this a win for Patricia, its customers, and the crypto industry?

From the study of the press briefing by the Nigeria Police Force, Patricia submitted a petition to the Inspector General of Police (IGP) over the security breach and the loss of funds on the cryptocurrency exchange. According to the petition, Patricia alleged “criminal conspiracy, unauthorized modification of computer systems, network data, and the unlawful diversion of funds amounting to over Two Hundred Million Naira (N200,000,000:00k)”. In the same petition, Patricia outlined the details of the alleged theft, conversion of cryptocurrency wallets, and unauthorized fund diversion from Patricia’s Flutterwave account. According to the press briefing by the Nigeria Police, “the petition specifically mentioned some individuals currently at large”.

While the suspects are still currently at large, the Nigeria Police Force says it has “made significant strides in the investigation of a complex financial fraud case reported by Patricia Technologies Limited”. It was the painstaking efforts of the Nigeria Police Force that has led to the arrest of Amb Wilfred Bonse.

According to the press briefing, Wilfred Bonse conspired in laundering the sum of Fifty Million Naira (N50,000,000) originating from the fraudulent diversion of Six Hundred and Seven Million Naira (N607,000,000) from Patricia Technology company’s account to his bank account through a cryptocurrency wallet. It was not stated in the press briefing whether the 50 Million Naira or any part of it as traced to the suspect, Wilfred Bonse, has been recovered by the Nigeria Police Force. If the allegedly diverted funds have been used or dissipated by the suspect, the recovery process—particularly from the point of view of Patricia users—becomes more challenging, and consequently longer, if not uncertain.

Patricia CEO updates community; says arrest of suspect is a win. 

In a message to the SiBAN online community some of CAB’s correspondents belong, Hanu Agbodje, CEO of Patricia, shared the following update:

Hello, Top of the day, An update on Patricia, 

Here we have the Nigerian Police Force PRO announcing the arrest one [sic] Wilfred Bonse and his minions. 

Wilfred bonse, was a Governorship Candidate in Cross River 2023 elections, who was used to steal N607,000,000 from Patricia.

This is not all the monies lost, but recovery from this would go a long way to sooth Patricia users. 

The case is still being investigated, the hackers used politicians to launder the stolen money. All of whom would be brought to the book. One by One. 

My commitment remains to Patricia users, Repayment started on the 20th of November, and it would continue. Until every user is reached. 

We still have some grounds to cover, but myself and the Patricia team, we Take this win. 

Thank you.

The update has been received with mixed reactions. But one thing is clear: Patricia still has serious work ahead towards tracing funds and recovering them.

Meanwhile, the Nigeria Police Force has assured the public that all individuals involved in the criminal conspiracy against Patricia will be brought to justice. Investigations continue, it said.

Patricia’s DLM Trust partnership announcement followed by a disappointing outcome for expectant customers 

A month ago, 25 October 2023, Patricia had announced a partnership with DLM Trust, a subsidiary of DLM Capital Group, licensed by the Securities and Exchange Commission (SEC), to help it handle trusteeship and debt restructuring for the benefit of Patricia users. According to Patricia, the partnership “would ensure a seamless, secure, and speedy repayment of customer deposits starting on November 20th, 2023.” But at the time of writing, there is no reliable information that affected Patricia users have been able to recover their funds.

But DLM eventually announced that it has put its partnership with Patricia on hold. According to DLM Trust as reported by Techpoint, “it will no longer be proceeding with Patricia Technologies as it’s [sic] escrow trust in repayment of ₦2 billion withheld customer funds.” This is due to “multiple breaches in the terms and conditions of agreement and trust between Patricia Technologies and DLM Trust Company.”

Empty Lagos office suspected by disgruntled customers to be Patricia’s abandoned office in the wake of the cryptocurrency exchange’s delay with funds recovery

Four days before the announcement of the DLM Trust partnership, Patricia had issued a statement following a video that has been circulating on social media. The video showed an empty office purportedly that of Patricia. To some followers, they believed that the video suggested that Patricia must have scammed their customers by abandoning their Lagos office. In Patricia’s official statement however, it clarified that the office shown in the video was “not an active office of Patricia” but an innovation hub that was launched in April 2023 to serve as a free workspace for developers and cryptocurrency enthusiasts. 

Following the cryptocurrency directive by the Central Bank of Nigeria (CBN) in February 2021, Patricia went fully remote and relocated its headquarters to Vilnius, Lithuania. According to Patricia’s statement, it has invested significantly in infrastructure to enable it to run its fully remote business model with members spread across different continents. 

Logically, a full remote business model comes with higher cybersecurity risks. How robust is Patricia’s cybersecurity infrastructure? Did Patricia’s failure to have a strong cybersecurity system on its crypto exchange platform result in the security breach it has suffered? 

While customers must be (a little) relieved that the Nigeria Police Force is aware of the Patricia security breach and continues to trail the suspects, a number of disgruntled customers remain distrusting. Since TechCabal reported in May 2023 that Patricia’s newly reported hack happened in January 2022 and cost the company $2 million, Patricia has had quite a struggle controlling the narrative. If Patricia had done full disclosure about the security breach before it was exposed by the media, the story might have been different today. Today, anytime Patricia releases a community update, users on both X (formerly Twitter) and Instagram are fuming and causing, demanding immediate recovery of their funds.

Why Crypto Industry Stakeholders Should be Collectively Concerned about Patricia and Its Customers

Trust and confidence in cryptocurrency exchanges and other virtual asset service providers (VASPs) in Nigeria must not be eroded.

In an industry that is largely self-regulated, industry stakeholders need to work together to ensure that Patricia’s handling of the issue is consistent with best practices.

For instance, what role is an industry body such as Stakeholders in Blockchain Technology Association of Nigeria (SiBAN) playing to ensure accountability and transparency on the part of Patricia for the purpose of customer funds management and recovery? 

The industry must demonstrate its willingness and readiness to promote consumer protection and investor safety.

In June 2023, we documented the reactions of industry stakeholders—as well as the way forward they suggested—to the Patricia security breach. To win, Patricia breach needs to be thoroughly investigated in order to ensure transparency in the entire process, before and after the breach. This will help prevent—or at least minimize—future occurrence in an industry that deploys a “trustless technology” but continues to suffer distrust.