Fake accounts impersonating Ethiopian bank claim it was hacked by rebel group

The state-owned Commercial Bank of Ethiopia (CBE) encountered a “technical glitch” on March 16, 2024, allowing customers to withdraw more money than they had in their accounts. Following this, a Facebook page claiming to belong to the CBE announced that a hacker affiliated with the Fano rebel group had carried out a cyberattack on the bank. This page was quickly deleted, but the same purported announcement was then posted to a Facebook group by the same name. AFP Fact Check found that these accounts were impersonating the CBE. The bank confirmed that they had no link to these accounts and that no such targeted breach of their systems occurred.

The claim was first shared on March 16, 2024, on a Facebook page calling itself “Commercial Bank of Ethiopia” in Amharic. Facebook transparency data showed that the page had only recently changed its name, and had previously gone by several unrelated names. 

Image

Screenshot of the false post, taken on March 20, 2024

This page was quickly deleted, but the same text was then posted by an account called “Mesfin Tesfaye Page” to a Facebook group also called “Ethiopian Commercial Bank” in Amharic. 

The headline of the post, published on March 17, 2024, reads: “Six billion birr of our customers’ funds were embezzled.” 

Six billion Ethiopian birr equates to about $105 million. 

The text goes on to read: “Since  Friday night, our server has been hacked by an expatriate IT teacher and expert who supports the terrorist Fano group. As a result, our bank has lost more than 6,000,000,000 (six billion) birr from our customers and the bank’s accounts.”

Image

Screenshot of the false post, taken on March 21, 2024

Fano is a rebel group from the Amhara region that has been fighting against the Ethiopian army since July 2023. 

The CBE, founded in 1963, is the largest state-owned bank in the country. 

Similar posts were shared on Facebook here and here. 

‘Technical glitch’ 

The National Bank of Ethiopia (NBE), which regulates the Ethiopian financial sector, explained in a March 17 press release (in Amharic, archived here) that a “technical glitch” had occurred during “maintenance and inspection activities” (archived here). 

The problem allowed CBE customers to withdraw more cash than they had in their accounts. Many of the withdrawals were made by students from universities in different parts of the country on the night of March 16, 2024, after they spread the word about the glitch on messaging apps. 

The president of the CBE, Abe Sano, told reporters (archived here) on March 18, 2024, that about half a million transactions were made during the disruption. He stated that the incident was not a cyberattack. 

He did not specify the total amount withdrawn from the bank during the hours-long disruption before the bank halted all transactions.

However, the CBE did not announce that the bank was attacked by a hacker affiliated with the Fano rebels. 

Impostor page 

The CBE has made no statement to this effect on its website or any of its official social media accounts.

The bank runs an official Facebook page in Amharic (here) as well as official Facebook pages in Afan Oromo (here) and Tigrigna (here). 

“Currently, CBE does not have a separate Facebook page or group with an Amharic user name,” the bank told AFP Fact Check. 

“The claim that a 6 billion Birr loss from customer accounts due to an external cyberattack is completely fabricated.” 

The bank’s official Facebook page in Amharic has more than 655,000 followers and was created in 2014. 

By contrast, the impostor Facebook group has 49,000 members and was created in 2022.