Police have arrested a suspect in the Sh49 million JamboPay cyber heist involving unauthorized system access and fund transfers. Investigations reveal a coordinated digital fraud operation.
Mulembe Times
A man suspected of orchestrating a sophisticated cyber-attack that siphoned Sh49 million from JamboPay’s financial system has been detained by police following his arrest in Nairobi.
Joseph Momanyi was apprehended by detectives from the Directorate of Criminal Investigations (DCI) on April 12, 2025, at his residence in Kahawa West. The suspect is accused of gaining unauthorized access to systems belonging to Web Tribe Limited—the parent company of JamboPay—between July 19 and July 24, 2024.
According to an affidavit filed by DCI cybercrime officer Nickson Ngigi, Momanyi and his associates infiltrated JamboPay’s client portal using legitimate customer profiles from merchant transaction accounts. Once inside, they allegedly manipulated the system by disabling mobile phone numbers that receive one-time password (OTP) confirmations, enabling them to silently transfer millions of shillings into various M-Pesa wallets, bank accounts, and till numbers.
The elaborate cyber-heist went undetected for days before JamboPay’s internal security team flagged inconsistencies in transaction records, prompting a formal investigation.
Upon arrest, police recovered multiple mobile phones, laptops, and SIM cards registered under different names—believed to have been used in the operation to conceal digital footprints and avoid detection. Forensic experts are now examining the seized electronic devices to trace the movement of the stolen funds and identify other accomplices involved in the scheme.
Sources within the investigation indicate that Momanyi confessed to being part of a larger syndicate and expressed a willingness to cooperate with authorities in tracking down his fellow conspirators. The DCI has applied to hold the suspect for at least seven more days to allow for in-depth digital forensics and asset recovery procedures.
Police say the nature of the hack points to a well-coordinated and highly organized cybercrime operation. “This was not a lone wolf. The level of access and the sophistication of the tools used suggest collaboration among individuals with deep technical knowledge and access to financial networks,” said a senior DCI officer familiar with the probe.
Momanyi is facing charges under Kenya’s Computer Misuse and Cybercrimes Act, including unauthorized access, computer fraud, and money laundering. If convicted, he could face a lengthy prison sentence and forfeiture of any assets linked to the fraud.
JamboPay, a key player in Kenya’s digital payments ecosystem, serves a wide range of clients, including county governments, utilities, and private sector businesses. The breach raises serious concerns over the security of financial data and the resilience of fintech platforms amid growing reliance on digital transactions.
In a statement, JamboPay assured its customers that no personal data had been compromised and that measures were underway to bolster its cybersecurity infrastructure. “We are cooperating fully with investigative authorities and have already taken steps to seal the vulnerabilities exploited during the attack,” the company said.
The incident adds to a growing list of cybercrime cases in Kenya, where increasing digitization has made banks, fintechs, and government portals attractive targets for hackers.
Cybersecurity experts are calling for more investment in digital infrastructure security, stricter compliance protocols, and robust authentication systems across platforms handling sensitive financial data.
As investigations continue, the arrest of Joseph Momanyi marks a major breakthrough for authorities in combating rising cybercrime. However, the full extent of the operation, including how much of the stolen money can be recovered, remains to be seen.
