A man suspected of masterminding a sophisticated cyber-attack on a leading electronic payments platform in Kenya has been arrested as police dig deeper into a multi-million-shilling financial fraud scheme.
Joseph Momanyi was arrested on April 12 at his Kahawa West residence and is accused of hacking into the financial system of Web Tribe Limited, the owner of JamboPay, and transferring over Sh49 million to various M-Pesa wallets, bank accounts and till numbers.
Access Gained Through Client Portals
According to an affidavit by Nickson Ngigi, an officer from the Directorate of Criminal Investigations (DCI), Momanyi and his associates allegedly gained unauthorized access to JamboPay’s client portal between July 19 and 24, 2024 using legitimate customer profiles from Korapay, Finera and JamboPay transaction merchant accounts.
Once inside, the hackers reportedly disabled mobile phone numbers used for receiving transaction OTPs (One-Time Passwords) and executed fraudulent fund transfers undetected.
Ngigi stated that the attacker’s methods point to intentional manipulation of authentication protocols, a tactic used to bypass system alerts and avoid triggering security flags.
Detention and Forensic Analysis
Police were granted permission to detain Momanyi at Muthaiga Police Station for seven days as they conduct further investigations. Among the reasons cited was the need to carry out digital forensic analysis on mobile phones and laptops recovered during the arrest.
Momanyi is alleged to be part of a larger cybercrime syndicate and has already confessed to working with other individuals in executing the hack. Authorities believe he can help identify and locate his accomplices, some of whom are suspected to own the bank and mobile accounts used in the transactions.
“His cooperation cannot be overlooked, noting that he is the one who knows his accomplices,” Mr Ngigi noted.
Police also recovered assorted SIM cards registered under different names, a tactic that, according to investigators, is a calculated attempt to evade detection through identity obfuscation.
Computer Fraud and Money Laundering Charges
Momanyi is being investigated for computer fraud under Section 26 of the Computer Misuse and Cybercrimes Act and for money laundering. The authorities believe the scale and coordination of the attack indicate involvement in organized cybercrime.
“The suspect has been evading, using mobile numbers of other people and using WhatsApp calls to avoid being tracked,” the police affidavit states.
Ngigi also warned that releasing the suspect could compromise the ongoing investigation as the syndicate is still active and can cover its tracks.
Cybersecurity in Kenya: A Growing Concern
This is the latest in a series of high-profile cyber-attacks in Kenya, exposing weaknesses in digital payment systems and the growing threat of organized cybercrime. Kenya’s fintech industry has grown fast but the legal frameworks and enforcement mechanisms are still behind.
Key Takeaways:
- A suspect in a Sh49 million cyber heist on JamboPay has been detained for a week as police investigate links to a wider syndicate.
- Hackers exploited client portals and disabled OTP mobile numbers to execute the fraud.
- Recovered SIM cards and digital devices will undergo forensic analysis.
- The case highlights critical security vulnerabilities within Kenya’s fintech infrastructure.
- Authorities are pursuing charges under the Cybercrimes Act and Anti-Money Laundering laws.