Kenya Insights

Tag: equity bank heist

  • Is Equity Bank Becoming A Fraudsters’ Den?

    Is Equity Bank Becoming A Fraudsters’ Den?

    The numbers are staggering. Over the past three years, Equity Bank Group has lost the equivalent of more than Sh4 billion to a cascading wave of fraud and cybercrime that has struck the lender in nearly every market it operates: Kenya, Uganda, Rwanda, and with further exposure expected in Tanzania, South Sudan, and the Democratic Republic of Congo.

    The losses have come through hacked payment systems, stolen staff credentials, insider-facilitated transfers, cryptocurrency laundering, and now a cross-border digital heist involving the bank’s Rwandan subsidiary.

    The question that Kenya’s banking establishment and its regulators refuse to answer publicly is blunt: at what point does a pattern of catastrophic, recurring financial crime stop being a series of unfortunate incidents and start being evidence of systemic failure?

    Equity Group Holdings, which styles itself Africa’s leading financial inclusion champion and holds the distinction of being East Africa’s largest bank by market capitalisation, has framed every theft as a trigger for reform.

    Each successive heist has been met with a press release, a CEO speech and, eventually, a mass dismissal.

    In 2025, the bank fired more than 1,500 employees in successive waves across its Kenyan and Ugandan operations, in what CEO James Mwangi called the most aggressive internal anti-fraud campaign in East African banking history.

    Then, barely eight months later, Equity Bank Rwanda was looted of Rwf 4.9 billion — roughly USD 3.4 million — in a five-day digital heist coordinated across two countries. The mop-up had not even finished before the next attack arrived.

    The Blueprint: How The Looting Has Unfolded

    The first recorded systematic assault on Equity’s digital infrastructure in recent memory began quietly in April 2023, when unknown actors penetrated the bank’s CyberSource payment and fraud management system. Security configurations for three registered merchants were downgraded from three-dimensional authentication — which requires multiple layers of verification — to two-dimensional, which offers far weaker protection.

    For the next three months, fraudulent credit card scripts were run silently against the three merchants, with payments debited straight from Equity Bank’s settlement account.

    No goods changed hands. No services were rendered. The money simply disappeared.

    By the time Equity Bank discovered what had happened and filed a report with the Directorate of Criminal Investigations, it had lost Sh322.1 million. Correspondence between the DCI and the Office of the Director of Public Prosecutions, subsequently seen by Nation Africa, traced the stolen funds through multiple local bank accounts before a portion landed in the United Arab Emirates through a private company in Abu Dhabi, operated via a Kenyan-British businessman who is among four suspects recommended for prosecution.

    The DCI noted that forensic analysis of a seized laptop was expected to reveal whether an Equity Bank staff member facilitated the breach from inside.

    Whether the employee-collusion angle was ever conclusively resolved has not been made public. Whether the Abu Dhabi funds were ever recovered remains unknown.

    One year later, almost to the month, the credit card fraud vector was struck again.

    Between April 9 and 15, 2024, Sh179.6 million was fraudulently paid out to 551 bank accounts and mobile money wallets.

    Investigators determined that an Equity Bank employee had installed malware in the bank’s main system specifically to delay detection, buying time for the stolen funds to be dispersed.

    Equity managed to freeze Sh60 million; the remaining Sh118.9 million had already been moved — Sh63 million to M-Pesa accounts and Sh39 million to accounts in competing banks.

    The CBK said nothing publicly. Equity Bank said nothing publicly. The incident was disclosed only through investigative reporting.

    The Sh1.5 Billion Payroll Heist: An Inside Job At The Heart Of The Group

    July 10, 2024, was the date that changed everything for Equity Group. Through 47 transactions designed to mimic routine salary payments, cybercriminals siphoned Sh1,545,553,374.59from the bank’s salary suspense general ledger — an internal account used to process payroll for corporate clients — in a single day.

    The scheme was breathtaking in its sophistication: the transactions looked, on every internal system, like legitimate corporate payroll disbursements to employees of various companies.

    In reality, Kenya’s second-largest bank was being drained in one of the most audacious bank heists this country has ever seen.

    At the centre of the investigation was David Kimani Machiri, a general manager at Equity Bank’s Group Processing Centre, Salary Processing Unit, who held direct system access to the compromised account.

    The digital fingerprints of every one of the 47 transactions pointed to his credentials. Machiri had, investigators noted with particular suspicion, taken sick leave immediately before the theft.

    Yet somehow, his access codes were live and fully operational on the day of the heist. When confronted, his explanations did not satisfy investigators. He was arrested on July 12, 2024, and granted bail of Sh500,000 — then, on August 11, 2024, he was allegedly abducted and reportedly held in a forest, in a twist that raised immediate questions about who, precisely, needed him silenced.

    As investigators followed the money, a second name surfaced: Ruth Muthoni Kamau, a businesswoman whose companies — Goodmans Fresh Ltd and Blue Kenfresh Ltd — received Sh105 million directly, with additional funds flowing into personal accounts.

    A third suspect, Owen Karanja, received Sh215 million through his companies and, according to police, converted the entire sum to bitcoin deposited into a Binance cryptocurrency wallet registered in Muthoni’s name.

    A fourth suspect, initially identified only as “Geoffrey”, was revealed through fingerprint analysis to be Geoffrey Kahungi Kiragu, founder of Lesedi Developers, a real estate firm that had defrauded more than 800 investors of at least Sh1 billion before its collapse in 2023. Kiragu had simply moved on to bigger scores.

    Five individuals with Somali-sounding names received Sh463 million and were detained while attempting to access further funds at Equity Bank’s headquarters, pointing to the involvement of Hawala networks — the traditional Islamic money transfer system that operates entirely outside conventional banking channels — alongside cryptocurrency conversion.

    The theft, in other words, was not opportunistic. It was a planned, multi-layered, professionally executed financial crime involving serial fraudsters, an insider, conversion to crypto to defeat tracing, offshore routing through forex bureaus, and hawala for the final clean-out.

    The Cover-Up That Made A Scandal A Crisis

    What elevated the Sh1.5 billion heist from a serious crime to a potential institutional crisis was the allegation of systematic interference in the investigation itself.

    Inspector Bonface Maina Kamau, the lead Banking Fraud Investigation Unit detective on the case, found himself at the centre of what internal police correspondence suggests was an orchestrated campaign to derail the probe after he challenged inconsistencies in Ruth Muthoni’s witness statement — including a document that bore the wrong year, 2023 instead of 2024, and an improperly initialled recording.

    When Inspector Kamau pushed for a corrected statement, Muthoni filed a complaint against him with the Directorate of Public Complaints, accusing him of demanding a Sh10 million surety and orchestrating an illegal abduction.

    The complaint triggered Kamau’s sudden transfer to Baragoi in Samburu County — one of Kenya’s most remote postings — effectively removing the most knowledgeable investigator from the most complex financial crime case in the country.

    In protest letters to senior police officials, Kamau alleged that two senior DCI officers from the Transnational Organised Crime Unit had “incessantly tried to help Ms Muthoni wriggle out of the investigation”, that ODPP bureaucrats had made similar approaches, and that Muthoni had made WhatsApp calls to “senior officers in the DCI and the National Police Service” while being processed and had met an officer who provided her with a BFIU contact for “furtherance in assistance she needed.”

    Muthoni has since obtained a court order blocking the police from investigating or arresting her, claiming the investigation is tainted.

    A Nairobi lawyer, Esther Bitutu Kadiki, was arrested in May 2025 and charged in connection with the heist, with court papers alleging she was instrumental in orchestrating the fraudulent siphoning of funds.

    The Group’s own Chief Internal Auditor was sacked in October 2024 after being blamed for oversight failures that preceded the theft. Multiple legal proceedings now run concurrently in different courts. The investigation, in short, is as fragmented as the stolen funds.

    Uganda: Years Of Looting Under The Bank’s Nose

    Kenya’s losses, spectacular as they are, represent only part of the story.

    In Uganda, Equity Bank has suffered a slow-motion catastrophe that should have raised alarm bells at the board level years ago.

    Between 2018 and 2024, the Ugandan subsidiary was consumed by a massive insider fraud scheme in which UGX 65 billion — approximately USD 17 million — in unsecured loans was issued through the bank’s Eazzy Stock digital lending platform to fake companies, unqualified borrowers, and employees’ relatives, without adequate due diligence.

    At least eight staff members were prosecuted. Managing Director Anthony Kituuka resigned. The scheme contributed to Equity Bank Uganda recording a UGX 18.8 billion net loss in 2023, a figure that has since been partially reversed — but not without leaving a deep scar on the subsidiary’s credibility.

    In 2022 and 2023, a wave of SIM-swap and mobile banking frauds hit Ugandan customers.

    In 2024, the bank was separately exposed to an additional UGX 4 billion in losses from the negligent failure to reconcile thousands of Visa card transactions, a failure investigators linked to two employees in the bank’s monitoring team. When the bank moved to recoup those losses by placing liens on affected accounts, it placed them on accounts that were already dormant or had been closed — aggravating customers who had nothing to do with the fraud.

    Beyond the human toll, the UGX 4 billion card fiasco exposed a monitoring team that was either incompetent or complicit.

    In one additional case, an Equity Bank Uganda operations manager was charged in court over the alleged theft and laundering of USD 2.8 million from the lender.

    By mid-2025, when Mwangi extended his Kenyan anti-fraud purge into Uganda, Equity Bank Uganda’s fraud-related provisions had ballooned to UGX 191.2 billion — a figure that, taken alone, would be a national banking scandal in any country on the continent.

    Rwanda 2026: The Purge Did Not Hold

    Rwanda was supposed to be different. Equity Group had explicitly named it as one of the subsidiaries that would be swept through the integrity audit Mwangi had launched.

    The CEO had gone on record in May 2025 promising to be “consistently ruthless.” Rwanda, Tanzania, South Sudan and the DRC were named destinations for the crackdown. Eight months later, on February 14 to 18, 2026, attackers executed a five-day digital assault on Equity Bank Rwanda that drained Rwf 4.9 billion — approximately USD 3.4 million — from the bank’s mobile money float system. Equity detected and contained the breach, reversing a majority of transactions within 24 hours. Approximately USD 2.5 million — 74 percent of the total — remained outstanding.

    On March 15, 2026, Equity Bank Rwanda confirmed the incident. On March 23, 2026, six Ugandan nationals — Mugisha Solomon, Enock Mpanga Kazige, Katerega Benedicto, Kiyimba Faruk, Oketcho Gerard, and Katamba Isma — were arraigned at Kampala Metropolitan Police under CRB: 215/2026, charged with electronic fraud under Section 18(1) and (2) of Uganda’s Computer Misuse Act, Cap 96.

    The Rwanda Investigation Bureau had separately detained 35 individuals in Rwanda, including two Equity Bank Rwanda IT staff connected to data centre operations.

    Investigators told sources that “there must have been physical access to the data centre.” The reference in the Ugandan charge sheet to “others still at large” confirmed the operation was wider than the six individuals in custody.

    The 2026 attack was not Rwanda’s first encounter with criminals targeting Equity Bank. In November 2019, twelve people — eight Kenyans, three Rwandans, and a Ugandan — were arrested in Kigali while attempting a similar cyber-fraud operation against the bank.

    They were convicted in 2021 and sentenced to eight-year jail terms. That history makes the 2026 breach more damning, not less: Equity Bank Rwanda had been on notice since 2019 that it was a cross-border target.

    The 2026 attack was, by all accounts, far more technically sophisticated — exploiting the mobile money float mechanism, deploying a cross-border human mule architecture, and apparently gaining entry through a third-party vendor’s system rather than through a frontal assault on the bank’s own network.

    The Rogue Employee At Sh387M: A Fourth Attack In The Same Year

    Even as the Sh1.5 billion payroll heist dominated headlines, Equity Bank Kenya was simultaneously absorbing a fourth major loss. Between May 17 and June 14, 2024 — while the payroll investigation was still live — a rogue employee illegally transferred Sh386.5 million to eight companies: Ubahashi Traders Limited, Calabash Adventures Limited, Jahnur Investment, Kariye Investment, Flowerish International, Kariye Salah Ali, Hotho Investments, and Sasa Pay Trust.

    Equity Bank rushed to court for freezing orders and reported the matter to the BFIU. This was a separate theft, a separate employee, separate beneficiary companies — yet sharing names with some of the Hawala-linked suspects already implicated in the payroll heist, a connection that raises questions about the breadth of the criminal network that had embedded itself inside the institution.

    The Audit Chief Is Fired, Not The System

    One of the more revealing episodes in this saga is what happened to Equity Bank’s most senior internal watchdog.

    Court papers filed in the Employment and Labour Relations Court reveal that a senior bank official who had served as Group Chief Internal Auditor since 2016 and was reassigned as Director Internal Audit in February 2024 was suspended in August 2024 and dismissed in October 2024, after the bank identified “omissions and/or commissions, failure or negligence” linked to his oversight role as contributing causes to the Sh1.5 billion loss.

    The man had spent 22 years at the institution. His termination was treated as a solution. The structure that allowed an internal salary suspense account to be drained of Sh1.5 billion through 47 transactions without real-time alert — that structure received no public scrutiny whatsoever.

    What The Numbers Actually Say

    Tallied conservatively across the documented incidents from 2023 to early 2026, Equity Group has lost or been exposed to fraud and cybercrime losses approaching the equivalent of Sh5.5 billion across its regional operations.

    The figure includes the Sh322.1 million CyberSource credit card fraud (2023), the Sh179.6 million repeat credit card fraud (April 2024), the Sh386.5 million rogue-employee transfer (May to June 2024), the Sh1.545 billion payroll heist (July 2024), the UGX 65 billion Eazzy Stock digital lending scandal in Uganda (2018 to 2024, equivalent to approximately Sh2.2 billion at current rates), the UGX 4 billion unreconciled Visa card losses in Uganda (2024), and the Rwf 4.9 billion Rwanda digital heist (February 2026, approximately Sh475 million).

    Not counted in this figure are the USD 2.8 million Uganda operations manager fraud, the title deed fraud of Sh490 million, forged payment instructions of Sh26.2 million, or fraudulent teller transactions of Sh39 million — all separately disclosed in court documents.

    The bank’s own internal audit, which led to the dismissal of between 1,200 and 1,500 employees across Kenya and Uganda by mid-2025, confirmed total losses over two years of at least Sh2 billion (approximately USD 15.4 million) from staff collusion alone.

    These are not allegations. These are figures drawn from the bank’s own public statements, court filings, police charge sheets, and DCI correspondence with the ODPP.

    The Structural Problem The Bank Will Not Name

    Every statement issued by Equity Bank Group in the wake of these incidents has shared a common theme: the problem is the people, not the system. James Mwangi has said he will be ruthless. He will clean the bank.

    He will protect mama mboga’s chicken. He will remove those who have compromised themselves. And so the bank has fired employees: 195 in May 2025, then 287 by mid-May, then 1,200 in a single wave on May 29, 2025 — nearly nine percent of the entire Kenyan workforce, handed two-day ultimatums to prove their innocence. By the time the Uganda purge was added, more than 1,500 people had been dismissed.

    What has not been publicly examined, by the bank, by the Central Bank of Kenya, by the Bank of Uganda, or by the National Bank of Rwanda, is this: how does a bank of Equity’s scale and sophistication — with a market capitalisation of Sh1.3 trillion, operations in seven countries, and a customer base exceeding 12.9 million — allow a single manager’s credentials to authorise 47 transactions totalling Sh1.5 billion from a salary suspense account without a single real-time flag? How does a credit card fraud scheme run undetected for three consecutive months before the bank notices? How does the same fraud vector succeed again, one year later, by a different set of criminals? How does an employee install malware in the main system without detection? And how does the Rwanda subsidiary, explicitly named for a post-Kenya integrity audit, end up being looted eight months after the CEO’s pledge to sweep it clean?

    The answer, which no one in authority is publicly willing to give, is that the problem is not primarily the employees.

    The problem is a digital banking architecture that expanded faster than the controls designed to govern it. Equity Bank has transformed itself, with extraordinary commercial success, from a building society for the unbanked into a seven-country digital financial services group processing millions of transactions daily across mobile money platforms, agent networks, and third-party technology integrations.

    In doing so, it has multiplied not just the opportunities for financial inclusion but the attack surfaces for financial crime. Every new integration is a potential entry point. Every new market is a new set of local fraudsters studying the system. Every new credential is a potential key.

    Where Are The Regulators?

    The Central Bank of Kenya has, to date, made no public statement specifically addressing the string of fraud incidents at Equity Bank. The Communications Authority of Kenya reported 7.9 billion cyber threats in the first eight months of 2025 — double the figure for 2024 — and the CBK has described Kenya’s banking sector as “resilient.”

    This is the same regulator that is mandated under the Banking Act to ensure the soundness and stability of institutions under its watch.

    The Bank of Uganda has been similarly silent on the Equity Uganda fraud provisions of UGX 191.2 billion. The National Bank of Rwanda confirmed only that it was cooperating with the Rwanda Investigation Bureau on the February 2026 attack.

    No regulator in any of the three primary jurisdictions has publicly demanded an independent audit of Equity Group’s cybersecurity architecture. No regulator has disclosed whether the bank faces any supervisory sanction for repeated material control failures.

    This silence is itself a regulatory failure. Kenya’s Banking Act grants the CBK sweeping powers to inspect, investigate and direct remedial action at licensed institutions.

    The Proceeds of Crime and Anti-Money Laundering Act creates obligations that the bank’s own transactions with the Abu Dhabi-routed funds, the bitcoin conversions, and the Hawala networks should have triggered.

    That the investigation into who precisely engineered the 2023 CyberSource hack — and whether an insider was involved — appears to have produced no public outcome three years later is not a point of comfort. It is a point of alarm.

    The Questions That Must Be Answered

    Is Equity Bank’s digital infrastructure fundamentally vulnerable to insider exploitation in ways that individual dismissals cannot fix? Why has no regulator in Kenya, Uganda or Rwanda publicly demanded an independent third-party cybersecurity audit of Equity Group’s core banking systems? How much of the combined Sh5-plus billion stolen from the bank across its markets has actually been recovered, and where is the money that reached Abu Dhabi in 2023? What happened to the investigation into Inspector Bonface Kamau’s allegations that senior DCI officers and ODPP bureaucrats attempted to shield Ruth Muthoni from prosecution? Are the criminal networks that have targeted Equity Bank in Kenya, Uganda, and Rwanda linked — and if so, is there a coordinated organised crime operation running across the group’s footprint that law enforcement has failed to map and dismantle? And why, after the largest internal purge in East African banking history, did Equity Bank Rwanda’s data centre apparently suffer a physical or near-physical access breach just eight months later?

    These are not rhetorical questions.

    They are the questions that the bank’s 12.9 million customers, its 14,000 remaining employees, its shareholders on the Nairobi Securities Exchange, the Uganda Securities Exchange and the Rwanda Stock Exchange, and the regulators in seven countries are entitled to have answered.

    The money belongs to ordinary Kenyans, Ugandans, and Rwandans. Some of it is mama mboga’s chicken. And it keeps disappearing.

  • Inside the Deadly CBD Chase That Left Two Suspects Down After Targeting Equity Bank Customer Amid Insider Leak Fears

    Inside the Deadly CBD Chase That Left Two Suspects Down After Targeting Equity Bank Customer Amid Insider Leak Fears

    Police gun down two thugs in dramatic CBD shootout as Sh300,000 vanishes, raising fresh questions about Equity Bank’s insider leak crisis

    The midday sun blazed over Nairobi’s bustling Central Business District on Tuesday when the crack of gunfire shattered the commercial calm, sending hundreds of shoppers and office workers scrambling for cover along Moi Avenue.

    Two suspected thugs lay dead. Six accomplices vanished into the urban maze with Sh300,000 in stolen cash. And once again, all fingers pointed toward Kenya’s most scandal-plagued financial institution: Equity Bank.

    The dramatic police shootout that transformed downtown Nairobi into a war zone for precious minutes has reignited a disturbing conversation that banking executives would rather see buried – are rogue bank employees leaking customer information to criminal gangs, effectively signing death warrants for unsuspecting clients?

    THE KILLING GROUND

    It was 11:47 AM when hell broke loose on one of Nairobi’s most congested thoroughfares.

    An official from Embassava Matatu Sacco had just completed a routine withdrawal for office operations. The envelope containing Sh300,000 felt heavy in his hands as he stepped onto Kimathi Lane, his mind already on the paperwork awaiting him back at the office.

    He never saw them coming.

    Eight men, moving with the practiced precision of predators who had done this many times before, closed in from different angles. Within seconds, the victim was surrounded, strangled, and stripped of his money. His screams for help pierced the air as bystanders froze in shock.

    But someone else had been watching too.

    Plainclothes officers from Nairobi Central Police Station, deployed specifically to monitor suspicious activity around banking halls, had spotted the gang stalking their prey. When the robbery erupted, they moved in fast.

    “They brandished knives at my officers,” Central Police Commander Philemon Nyakumbo told The Star at the crime scene, where blood still stained the pavement outside Contrast House. “We had no choice but to open fire.”

    Two suspects fell – one collapsing outside the building, another stumbling through the entrance before dying inside. Six others scattered like cockroaches into the crowded streets, disappearing with their ill-gotten gains despite one reportedly sustaining gunshot wounds.

    Police deployed tear gas to control the surging crowd of spectators who threatened to contaminate the crime scene. The bodies lay where they fell for nearly an hour as forensic officers photographed evidence and collected three knives, multiple mobile phones, and keys believed to belong to previous robbery victims.

    “I thought it was firecrackers,” recalled a shop attendant at a nearby boutique, still visibly shaken hours later. “Then I saw people running and blood everywhere. It was terrifying.”

    A PATTERN TOO DISTURBING TO IGNORE

    But Tuesday’s bloodshed was no isolated incident. It was merely the latest violent chapter in a chilling pattern that has terrorized Nairobi’s banking customers for months – and the trail of evidence keeps leading back to Equity Bank.

    The Star has established that just three weeks earlier, on November 13, another Embassava Matatu Sacco official was robbed of Sh500,000 immediately after leaving the same Equity Bank branch on Moi Avenue. The modus operandi was identical: gang members waiting outside, swift attack, immediate flight.

    Detectives investigating both cases have uncovered a disturbing commonality – in nearly every instance, victims were targeted within minutes of completing large withdrawals, suggesting someone inside the banking halls was feeding information to criminals in real-time.

    “These are not random muggings,” a senior DCI investigator told the media on condition of anonymity. “The precision, the timing, the knowledge of who is carrying cash – it all points to insider involvement. Bank employees or individuals planted in banking halls are the missing link.”

    Commander Nyakumbo confirmed that the gang had been operating across the CBD for several months, specifically targeting customers leaving banks and forex bureaus with visible cash or suspicious packages.

    “They’ve been hitting Tom Mboya Street, River Road, Kimathi Street, and Aga Khan Walk,” he revealed. “We believe they work in groups of four to eight, with spotters inside the banks signaling when high-value targets exit.”

    Police have launched a manhunt for the six escaped suspects and are reviewing CCTV footage from buildings along their escape route. But the bigger question haunting investigators is one that Equity Bank has consistently failed to answer: Who is leaking customer information, and how deep does the rot go?

    EQUITY BANK’S YEAR OF SCANDAL

    For Kenya’s third-largest bank by assets, 2024 and 2025 have been nothing short of catastrophic from a security and reputation standpoint.

    The institution has been rocked by a series of massive insider-driven heists that have exposed systemic vulnerabilities in its internal controls and raised serious questions about whether customer data is being weaponized by criminal networks.

    The Sh1.5 Billion Nuclear Bomb

    In July 2024, Equity Bank became the victim of the most sophisticated banking heist in Kenyan history when cybercriminals, working with internal accomplices, siphoned Sh1.545 billion from the bank’s salary suspense general ledger through 47 carefully orchestrated transactions.

    The mastermind? According to DCI investigations, a network involving senior bank manager David Kimani Machiri, city lawyer Esther Bitutu Kadiki, and businesswoman Ruth Muthoni Kamau, who allegedly received over Sh800 million of the stolen funds.

    The case exposed not just the vulnerability of Equity’s digital systems, but something far more sinister – the active participation of bank employees in facilitating the theft and potential attempts by powerful figures to cover up the crime.

    Inspector Bonface Maina Kamau, the lead investigator, was mysteriously transferred to Baragoi in remote Samburu County after he pressed too hard for answers from Ruth Muthoni. His protest letters to the DCI boss and Inspector-General allege interference from senior officers attempting to protect the alleged mastermind.

    The case remains in court, with over 200 bank employees dismissed in a purge that shocked the industry.

    The Sh387 Million One-Man Show

    Between May and June 2024, a single rogue Equity Bank employee illegally transferred Sh386.5 million to eight external accounts through unauthorized system entries. The fraud went undetected for nearly a month before internal audits flagged the suspicious transactions.

    The Sh179 Million Hacker Attack

    In April 2024, hackers breached Equity’s MasterCard systems, stealing Sh179.6 million and distributing it across 551 accounts. The bank’s leaked internal correspondence revealed the funds were quickly moved through M-Pesa to further obscure the trail.

    Central Bank officials later confirmed that the attack involved insider cooperation to identify high-value targets and manipulate security systems.

    The Mass Firing That Confirmed the Worst

    Perhaps most tellingly, Equity Bank fired over 1,200 employees in 2024 in what insiders described as a desperate attempt to root out the cancer of insider fraud eating away at the institution.

    One thousand two hundred people.

    Let that sink in.

    “When you’re firing over a thousand staff members, you’re not dealing with a few bad apples,” a former Equity Bank manager said. “You’re dealing with institutional rot. The question isn’t whether insider leaks are happening – it’s how many customers have been put in danger because of them.”

    THE STREET-LEVEL TERROR

    While Equity Bank battles multibillion-shilling heists in boardrooms and courtrooms, ordinary Kenyans are paying the price in blood on Nairobi’s streets.

    The surge in violent robberies targeting bank customers has transformed the CBD from a commercial hub into a hunting ground. Between August and December 2025, police have arrested over 300 suspects in multiple crackdowns, yet the attacks continue with disturbing regularity.

    The pattern is always the same: A customer completes a withdrawal. Within minutes, they’re confronted by knife-wielding thugs who seem to know exactly what they’re carrying. The attacks happen in broad daylight, often in crowded areas where help should be readily available.

    Victims have reported being strangled, threatened with contaminated syringes, and even smeared with human feces when they resist. The psychological trauma extends far beyond the financial loss.

    “I can’t go to the bank anymore without looking over my shoulder,” confessed a small business owner who was robbed of Sh200,000 outside a Nairobi bank last month. “Someone knew I was carrying that money. Someone told them. How else would they know?”

    DCI’s Kakamega Regional Criminal Investigations Officer Christine Chemoss confirmed in April that investigators were probing bank staff involvement in robbery targeting.

    “These robberies are either planned by bank employees or individuals who lounge in banking halls spying on those who make withdrawals,” she told reporters. “They easily monitor activities without raising suspicion and signal their accomplices waiting outside.”

    Her words were prophetic. Eight months later, two bodies on Moi Avenue provided the bloody evidence.

    THE UNANSWERED QUESTIONS

    As forensic teams processed Tuesday’s crime scene and detectives pursued the escaped suspects, The Star sought comment from Equity Bank’s corporate communications office. Our calls went unanswered. Our emails received automated responses promising replies “within 24 hours.”

    The silence is deafening.

    Here are the questions Equity Bank needs to answer:

    1. What internal controls exist to prevent staff from accessing and sharing customer withdrawal information?

    2. How many employees have been investigated or dismissed specifically for suspected involvement in tipping off criminals about customer transactions?

    3. What security protocols are in place to protect customers making large withdrawals?

    4. Has the bank conducted comprehensive vetting of all staff with access to customer transaction data following the 2024 heists?

    5. What compensation or support has been provided to customers who were robbed after making withdrawals from Equity Bank branches?

    The bank’s failure to address these questions publicly while its customers continue to be targeted suggests either dangerous incompetence or willful negligence.

    POLICE INTENSIFY OPERATIONS

    Commander Nyakumbo announced that police have intensified patrols and deployed additional undercover units across the CBD, particularly around banking areas, as the festive season approaches.

    “We’re not going to let these criminals terrorize innocent Kenyans,” he declared. “Anyone involved in these robberies, including bank staff who may be leaking information, will face the full force of the law.”

    He urged customers making large withdrawals to:

    • Request police escort services, which are available upon request
    • Avoid displaying cash in public spaces
    • Vary their routes when leaving banks
    • Use mobile banking or cheques for large transactions whenever possible
    • Report suspicious activity immediately

    But these are band-aid solutions to a gaping wound. The real problem isn’t customer behavior – it’s institutional betrayal.

    Tuesday’s shooting has crystallized a harsh reality that banking regulators and law enforcement can no longer ignore: Kenya’s financial institutions have become dangerous places for customers to conduct business, not because of the services they offer, but because of the criminals operating within them.

    The Central Bank of Kenya, which oversees banking sector security, has remained conspicuously silent throughout the cascade of scandals. No public statements. No comprehensive investigations into industry-wide insider threats. No visible action to restore customer confidence.

    Meanwhile, ordinary Kenyans face an impossible choice: Risk using banks and potentially becoming targets for robbery, or keep their money at home and face different security risks.

    The two bodies removed from Moi Avenue on Tuesday afternoon represent more than just a successful police operation against street criminals. They’re symptoms of a disease infecting Kenya’s banking sector from the inside out.

    Lost in the statistics and institutional failures are the human stories. The Embassava Matatu Sacco official who narrowly escaped with his life on Tuesday. The November victim who lost half a million shillings. The countless unnamed Kenyans who’ve been robbed, injured, or traumatized after simply trying to access their own money.

    Each robbery represents a betrayal of trust – not just by the criminals who commit the act, but by the institutions that are supposed to safeguard customer information and instead may be weaponizing it for profit.

    “Someone needs to be held accountable,” said a woman who witnessed Tuesday’s shooting, still shaking hours later. “Not just the thugs on the street, but the people in suits who are telling them where to strike. They’re the real criminals.”

    WHAT HAPPENS NEXT?

    The manhunt continues for six suspects who escaped with Sh300,000. Police are confident that CCTV footage and mobile phone data recovered from the dead suspects will lead to arrests within days.

    But the larger investigation – into potential insider leaks from Equity Bank and other financial institutions – remains murky. Sources within the DCI indicate that such probes are often hampered by powerful interests, legal complications around bank confidentiality, and the sheer scale of trying to identify bad actors within massive institutions.

    The court cases against alleged masterminds of the Sh1.5 billion heist continue to wind through Kenya’s judicial system, with lawyer Esther Bitutu Kadiki released on Sh300 million bond and businesswoman Ruth Muthoni Kamau successfully blocking parts of the investigation through legal maneuvers.

    For ordinary Kenyans, justice seems perpetually delayed. Safety feels increasingly like a luxury only the well-connected can afford.

    Two suspects are dead. Six remain at large with Sh300,000. An Embassava Matatu Sacco official is traumatized but alive. Equity Bank continues its silence. And somewhere in Nairobi right now, another criminal gang may be receiving a tip about their next target.

    The violence on Moi Avenue this Tuesday wasn’t just a robbery gone wrong. It was a stark reminder that in Kenya’s current banking landscape, making a withdrawal can be a life-threatening decision – not because of the transaction itself, but because someone you trust with your financial data might be sharing it with someone who will hurt you for it.

    Until Equity Bank and other institutions can guarantee that customer information isn’t being leaked to criminal networks, every withdrawal is a gamble. Every walk from the banking hall to your car is a risk. Every envelope containing cash is a potential death sentence.

    The question isn’t whether more blood will be spilled on Nairobi’s streets.

    It’s whose blood will be next.

    Kenya Insights continues to investigate insider links to bank customer robberies. If you have information about suspicious activity involving bank staff, contact our investigations desk in confidence.

  • The ‘Untouchable’ Ruth Muthoni Kamau: Inside Kenya’s Sh1.5 Billion Bank Heist

    The ‘Untouchable’ Ruth Muthoni Kamau: Inside Kenya’s Sh1.5 Billion Bank Heist

    How a businesswoman became the prime suspect in one of Kenya’s biggest financial crimes – and why investigators claim she’s being shielded from justice

    The call came in at exactly 9:47 AM on July 11, 2024. Kevin Mwangi, Equity Bank’s head of security, was on the line with the Banking Fraud Investigation Unit (BFIU), his voice tight with urgency.

    Something catastrophic had happened at the bank’s Britam Towers headquarters in Upper Hill.

    Within hours, Inspector Bonface Maina Kamau and Sergeant Josiah Gichobi were staring at a computer screen displaying 47 transactions that would shake Kenya’s banking sector to its core.

    The total: Sh1,545,553,374.59 – over 1.5 billion shillings vanished in what investigators now call one of the most sophisticated bank heists in the country’s history.

    But this wasn’t a story of masked bandits or dramatic vault break-ins.

    This was something far more insidious – an inside job that would lead investigators down a rabbit hole of shell companies, crypto wallets, and a web of connections that allegedly centered around one woman: Ruth Muthoni Kamau.

    The Architect of Deception

    At the heart of this financial labyrinth sits a 45-year-old businesswoman who, according to police correspondence, allegedly orchestrated the theft of over Sh800 million from Equity Bank’s salary suspense general ledger.

    Ruth Muthoni Kamau – described by investigators as the heist’s mastermind – has become what some in law enforcement circles call “untouchable.”

    The money trail tells a damning story. Ms. Muthoni’s two companies, Goodmans Fresh Ltd and Blue Kenfresh Ltd, received Sh105 million in direct transfers.

    Additional funds flowed to her personal bank accounts, while investigators believe she received even more in cash from other suspects involved in the elaborate scheme.

    When contacted, Ms. Muthoni’s response was as evasive as it was telling: “I was not arrested. I was abducted. There were over 200 people I hear, I don’t understand why you are picking me? I don’t know who I’m talking to so I choose not to talk much. Maybe you are one of the abductors.”

    Her claim of abduction stands in stark contrast to police records, which show she was arrested and later released on Sh300,000 police bail.

    But Ms. Muthoni’s version of events reveals something more troubling – her apparent confidence that she operates beyond the reach of normal law enforcement procedures.

    The Inside Man

    The sophisticated nature of the heist required intimate knowledge of Equity Bank’s internal systems.

    That knowledge came from David Kimani Machiri, a general manager who controlled the bank’s salary suspense general ledger – the very account from which the Sh1.5 billion was siphoned.

    David Kimani Machiri
    David Kimani Machiri

    On paper, the 47 transactions appeared legitimate – companies releasing funds to pay their workers’ salaries.

    In reality, it was an elaborate facade. Mr. Machiri, who became the prime suspect within hours of the discovery, was arrested and charged with facilitating the theft.

    Released on Sh500,000 cash bail, Mr. Machiri was ordered to report to the BFIU twice weekly.

    His cooperation, however, would prove to be just the beginning of investigators’ journey into a criminal network that extended far beyond the bank’s walls.

    The Real Estate Connection

    The investigation took an unexpected turn when five individuals – Sahal Mohamed Sahal, Mohamed Hashi Adan, Kariye Salah Ali, Hassan Abdirashid Mohamed, and Mohamud Mohamed Arab – walked into Equity Bank headquarters four days after the heist.

    They were attempting to access Sh463 million that investigators maintain was part of the stolen funds.

    Under interrogation, the five revealed how they had laundered the money through Hawala systems and forex bureaus before handing it over to someone they knew only as “Geoffrey.”

    This led investigators to Geoffrey Kahungi Kiragu, arrested at The Vineyard Ridgeways nightclub and initially using the false identity of Gideon Kamau Wangeci.

    Geoffrey Kahungi Kiragu
    Geoffrey Kahungi Kiragu

    Mr. Kiragu’s capture revealed the intersection of two massive financial scandals.

    He was already notorious as the mastermind behind the Lesedi Developers scam, which defrauded over 800 investors of at least Sh1 billion in bogus real estate investments.

    Even while dealing with the fallout from Lesedi’s collapse, Mr. Kiragu had established new real estate firms – Bomalink Concepts Ltd and Brickways Properties Ltd – both of which received funds from the Equity Bank heist.

    The Cover-Up Campaign

    What transformed this from a criminal investigation into a potential scandal of institutional proportions was what happened next.

    According to Inspector Kamau’s detailed protest letters to senior police officials, efforts to shield Ms. Muthoni from prosecution began almost immediately after her arrest.

    The inspector, who had been leading the investigation, found himself transferred to the remote DCI offices in Baragoi, Samburu County, following a complaint filed by Ms. Muthoni.

    The timing was suspicious – the transfer occurred before the complaint had been fully investigated, and just as the case was gaining momentum.

    In his protest letters to DCI boss Mohamed Amin, Inspector-General Douglas Kanja, and the National Police Service Commission, Inspector Kamau made explosive allegations.

    He claimed that two senior DCI officers, including one from the Transnational Organised Crime Unit, had “incessantly tried to help Ms Muthoni wriggle out of the investigation.”

    He further alleged that bureaucrats from the Office of the Director of Public Prosecutions had made similar attempts.

    The inspector’s account paints a picture of a systematic effort to derail the investigation. He described how Ms. Muthoni allegedly made several WhatsApp calls to senior officers in the DCI and National Police Service during her interrogation – calls that went unanswered but demonstrated her apparent confidence in high-level connections.

    The Crypto Trail

    Modern financial crimes require modern money laundering techniques, and the Equity Bank heist was no exception.

    Investigators discovered that suspect Owen Karanja had received Sh215 million through his companies KT Owens Group, Mac and Gray Ltd, and Axteron Technologies Ltd.

    Mr. Karanja’s revelation to BFIU detectives was particularly damaging to Ms. Muthoni’s case: he claimed to have transferred all the funds into bitcoins, which were then deposited into a Binance crypto wallet owned by Ms. Muthoni.

    This digital trail provided investigators with what they believed was concrete evidence of her central role in the money laundering operation.

    Equity Bank has been attempting to reverse these cryptocurrency transactions, but the nature of blockchain technology makes such reversals extremely difficult, if not impossible.

    The Statement That Never Was

    Perhaps the most telling aspect of Ms. Muthoni’s behavior was her approach to cooperating with investigators.

    After being fingered by multiple suspects, she was scheduled to provide a comprehensive statement to the BFIU team on October 30, 2024.

    She never showed up.

    This failure to cooperate stands in stark contrast to her earlier statement, which investigators found riddled with technical irregularities.

    The statement was dated July 22, 2023 – a full year before the heist actually occurred.

    The recording officer failed to initial the document, and the content itself contained what investigators described as inconsistencies and evasions.

    In that statement, Ms. Muthoni claimed to be in the business of exporting mutton and goat meat to Bahrain, Kuwait, and Dubai.

    She said a senior bank official had called her three days after the heist to inform her that Equity Bank had recalled Sh36 million from her account – a fraction of the amount investigators believe she actually received.

    The Untouchable Network

    The case of Ruth Muthoni Kamau raises uncomfortable questions about the effectiveness of Kenya’s criminal justice system when dealing with well-connected individuals.

    Her apparent ability to trigger the transfer of the lead investigator, her confidence in refusing to cooperate with authorities, and the alleged attempts by senior officials to shield her from prosecution all point to a systemic problem.

    Inspector Kamau’s transfer to Baragoi represents more than just a personnel move – it’s a symbol of how criminal investigations can be derailed when they touch on powerful interests.

    His detailed protest letters, copied to multiple oversight bodies, represent a rare glimpse into how the system can be manipulated to protect those with the right connections.

    The fact that Ms. Muthoni was able to file a successful complaint against the investigating officer, despite being the prime suspect in a billion-shilling heist, raises questions about the independence of internal police oversight mechanisms.

    The Equity Bank heist is more than just a criminal case – it’s a window into the vulnerabilities of Kenya’s financial system and the challenges facing law enforcement when investigating complex financial crimes.

    The case demonstrates how traditional banking systems can be exploited by those with inside knowledge, and how modern technology – from cryptocurrency to encrypted messaging – can be used to launder the proceeds.

    The real estate angle adds another layer of concern. The involvement of Geoffrey Kiragu, already notorious for the Lesedi Developers scam, suggests that Kenya’s property sector has become a haven for money laundering operations.

    The fact that he was able to establish new companies and continue operating even while under investigation for previous crimes highlights gaps in regulatory oversight.

    Behind the astronomical figures and complex financial schemes are real victims.

    The 800 investors who lost their money in the Lesedi Developers scam represent just one group of people whose lives have been devastated by these financial crimes.

    The Equity Bank heist, if successful, would have ultimately cost the bank’s shareholders and potentially its customers.

    There’s also the human cost within the criminal justice system itself.

    Inspector Kamau’s transfer to a remote posting represents the price paid by those who try to pursue justice against powerful interests. His case serves as a warning to other investigators about what can happen when they get too close to the truth.

    As this investigation continues to unfold, several key questions remain unanswered.

    Will Ms. Muthoni ever be held accountable for her alleged role in the heist?

    Will Inspector Kamau be allowed to return to his post and continue his investigation?

    And most importantly, what systemic changes are needed to prevent similar crimes in the future?

    The case of Ruth Muthoni Kamau and the Sh1.5 billion Equity Bank heist represents more than just another financial crime – it’s a test of Kenya’s commitment to the rule of law and equal justice for all.

    The outcome will send a clear message about whether the country’s institutions are strong enough to hold even the most well-connected individuals accountable for their actions.

    For now, the woman at the center of Kenya’s biggest bank heist remains free, her companies continue to operate, and her alleged victims – both the bank and the investors in related schemes – wait for justice. The question is whether Kenya’s criminal justice system is capable of delivering it.

  • INSIDE THE SH1.5 BILLION EQUITY BANK HEIST: HOW A CITY LAWYER ORCHESTRATED ONE OF KENYA’S BIGGEST BANKING FRAUDS

    INSIDE THE SH1.5 BILLION EQUITY BANK HEIST: HOW A CITY LAWYER ORCHESTRATED ONE OF KENYA’S BIGGEST BANKING FRAUDS

    In what authorities are calling one of the most sophisticated banking frauds in Kenya’s recent history, prominent city lawyer Esther Bitutu Kadiki stands accused of masterminding an elaborate scheme that drained Sh1.5 billion from Equity Bank in just 90 days.

    Court documents reveal a complex web of fictitious transactions, proxy companies, and cryptocurrency conversions designed to mask the massive theft.

    The Elaborate Scheme

    According to court papers filed by the Directorate of Criminal Investigations (DCI), Kadiki allegedly siphoned Sh1,499,465,831 from Equity Bank between May 1 and July 31, 2024.

    The funds were systematically extracted from the bank’s internal Salaries Remittance General Ledger Account Number 0001*100774**, then quickly dispersed to several non-Equity Bank accounts with falsified transaction descriptions to conceal their origin.

    “The respondent is a member of a larger organised group that is well-structured with every individual assigned his or her duties,” stated Inspector Chrispinus Sore Shibanda of the DCI’s Banking Fraud Investigations Unit in a sworn affidavit presented to Milimani Chief Magistrate Onyina.

    Multi-Layered Money Laundering Operation

    The investigation has exposed what appears to be a carefully orchestrated operation with multiple phases:

    1. Recruitment of insiders : The scheme allegedly began with Kadiki recruiting bank employees who could provide access to internal systems.

    2. System penetration : With inside help, the syndicate identified vulnerable accounts and transaction pathways.

    3. Proxy network establishment : Kadiki allegedly recruited both individuals and companies whose accounts would be used to launder the stolen funds.

    4. Fictitious documentation : As an advocate, Kadiki is accused of drafting fake business agreements between companies to justify large cash movements.

    5. Complex layering : The stolen funds were quickly moved through “several layers of intricate financial transactions including bulk withdrawals, transfers to other bank accounts and purchase of crypto currencies,” according to court documents.

    Following the Money Trail

    Banking fraud investigators have traced at least Sh38 million to accounts directly linked to Kadiki, including those registered to Inforide Point Limited—a company she co-owns with her husband—and Kadiki & Advocates, her legal practice.

    Lawyer Esther Bitutu Kadiki in court on May 6, 2025.
    Lawyer Esther Bitutu Kadiki in court on May 6, 2025.

    During interrogation, Kadiki provided agreements between her companies and eight others, which investigators have connected to transfers exceeding Sh400 million.

    However, authorities claim she has been “unwilling to provide information regarding the real faces behind the said agreements,” maintaining she never personally met the individuals involved.

    “As an advocate of the High Court of Kenya, such narrative can only be better understood to mean she is protecting those people,” Inspector Shibanda told the court.

    The Arrest and Legal Proceedings

    Kadiki was arrested on May 5, 2025, after presenting herself to the Banking Fraud Investigation Office in response to summons issued back in October 2024.

    Prosecutors argue that her delayed compliance with the summons—spanning over six months—demonstrates flight risk concerns.

    Defense lawyer Ken Echesa has applied for bail, noting that Kadiki is expecting a child and already has a young child under her care.

    The prosecution has countered by requesting she be remanded for 21 days to allow for completion of investigations.

    Chief Magistrate Onyina is expected to rule on the bail application today, May 7, 2025.

    Broader Implications for Banking Security

    This case highlights significant vulnerabilities in banking systems that allowed such massive fraud to go undetected for three months.

    Banking security experts note that access to internal general ledger accounts typically requires multiple authorization levels and oversight.

    “For someone to extract Sh1.5 billion from a bank’s salary remittance account over 90 days suggests serious internal control failures or collusion at multiple levels,” said a Banking Security Expert, who spoke on condition of anonymity due to the sensitivity of the ongoing investigation.

    Equity Bank has not issued an official statement regarding the fraud, though sources indicate the bank has implemented enhanced security protocols in response to the breach.

    A Growing Trend

    This case comes amid increasing concerns about sophisticated banking fraud schemes in Kenya.

    Just months earlier, authorities investigated what was described as the “Mulot gang” in connection with a Sh6 million fraud at Standard Chartered Bank.

    Additionally, the DCI has been investigating bank staff involvement in robberies targeting clients making large withdrawals.

    The case against Kadiki represents one of the largest alleged banking frauds in Kenya’s history, with investigators continuing to pursue leads regarding other members of what they describe as a “larger organised group” behind the scheme.

    As the legal proceedings unfold, banking regulators are expected to scrutinize internal controls at major financial institutions to prevent similar breaches in the future.