In June last year, hackers took control of an email account belonging to an employee at heavy machinery manufacturer Mountain Crane. The hackers used their access to send an invoice totaling $1.75 million to one of the company’s customers, wind turbine giant Nordex, which then unwittingly paid the hackers over $800,000. A month later, Nordex realized it had been defrauded and contacted the FBI.
The fraud, outlined in a search warrant obtained by Forbes, was a classic case of what’s known as Business Email Compromise (BEC), one of the most common and financially devastating cyberattacks, costing the U.S. $2.7 billion in 2022 alone. But something strange caught the FBI’s attention: $50,000 of the stolen funds were sent to the bank account of Dr. Kelechi Ofoegbu, a Nigerian government official and regulator of the oil and gas industry. Ofoegbu is currently an executive commissioner at the Nigerian Upstream Petroleum Regulatory Commission and previously worked at energy giants Shell and Eland Oil & Gas.
Ofoegbu has strenuously denied any wrongdoing and said funds from his bank account were wrongly seized. “I am completely innocent and would crave an opportunity to prove this,” he told Forbes. He said he has been banned from travelling to the U.S. and was only made aware of the Nordex fraud after Forbes contacted him about the allegations.
The Department of Justice declined to comment further on the case. Mountain Crane didn’t respond to requests for comment. Nordex spokesperson Antje Eckert said the company was working with law enforcement on the case, adding that the company had been told the FBI recovered the full amount paid.
Why Ofoegbu allegedly had the money in his account remains a mystery.