Investigation: How 69,000 daily stolen phones are used to drain bank accounts of Nigerians

Every 1.3 seconds, somewhere in Nigeria, especially in Lagos, a phone is stolen. That is the finding of the National Bureau of Statistics Consumer Experience and Satisfaction with Public Services Survey 2024. It recorded 25,354,417 mobile phone thefts between May 2023 and April 2024, making it the single most prevalent individual crime in the country, ahead of assault, consumer fraud, and land disputes combined; and the most recent number is probably higher.

If phone theft were simply property crime, the scale would be alarming enough. But Nigeria spent the better part of a decade building a mobile-first financial system in which the smartphone is no longer a communication device but the primary interface between millions of citizens and every financial service they own. Savings.

Transfers. Loans. Business payments. All of it accessible through a device that, according to the NBS, disappears from a Nigerian’s possession every 1.3 seconds.

What follows that disappearance is the story the data alone cannot tell. It is a story about organised fraud that moves faster than any victim can respond, about private trackers who recover phones at eight times the rate of the official system, and about a country that built its financial front end at speed and its safety net almost as an afterthought.

The 10-minute window

The geography of phone theft in Nigeria is specific and well-documented.

The NBS data shows that 35.3% of cases occur in public places and 35% in victims’ homes, with markets, bus stops, and transport hubs accounting for the majority of public-space incidents. But Mr Ige Olajide Samson, a private investigator and professional tracker who works across Lagos State in collaboration with the police, puts it more simply: nowhere is safe.

“Even mosque, even church, everywhere,” he says. “People that want to steal, they are there. Be it police, be it soldier, being anything you are, they will steal your phone.”

In Lagos specifically, the police have documented the method at Oshodi, where organised groups trail targets until they make a call or become distracted, then work in coordinated formations to pick pockets or snatch devices during the confusion of boarding buses. Bolade, Under Bridge, and Oshodi Oke are among the most active corridors, with Mondays, Wednesdays, and Fridays recorded as the peak days.

But the theft itself is only the first 60 seconds. What follows is faster, more deliberate, and considerably more damaging.

Once a phone is stolen, fraudsters move through a recognisable sequence. If banking and fintech applications are still active on the device, they are accessed immediately. The SIM, if not blocked within minutes, becomes the next target.

A fraudster will visit a mobile network operator’s retail outlet, sometimes in a different state entirely, and successfully impersonates the victim through falsified or socially engineered documentation gains control of the phone number that anchors the victim’s entire financial identity. Every one-time password, every authentication code, flows directly to them. They then raise the victim’s transfer threshold before moving funds, a step that requires either technical sophistication or knowledge of how banking platforms process limit adjustments and one that buys critical time before the institution flags the activity.

For iPhone users, the exposure runs deeper. Mr Olajide explains that thieves who cannot immediately bypass an iCloud account will jailbreak the device, partitioning it so the iCloud sits isolated on one side while they use the phone normally on the other.

“The iCloud will be one side, and they will be using the phone, and you won’t, you can’t find it,” he says. Once partitioned this way, the phone becomes effectively untrackable through conventional means.

The Economic and Financial Crimes Commission (EFCC) documented this operational sequence in precise detail through a 2019 case handled by its Makurdi zonal office. Three suspects, Adewuyi A. Adebayo, Osikoya K. Gboyega, and Akintunde Ogunrinde, were arrested following intelligence about their activities across Lagos and Benue.

The victim had noticed his MTN line displaying the message “invalid SIM card.” When he visited an MTN office, he was told someone had already executed a SIM swap at a branch in Abia. In the time between the swap and his discovery, the transfer threshold on his FCMB account had been raised above ₦500,000, and ₦7,107,540 removed without his consent. The EFCC referred the case to court pending the conclusion of its investigation.

The financial damage that follows theft extends beyond immediate transfers. Reporting has documented victims who discovered loans taken out in their names using their stolen numbers, and others left repaying debts they never incurred long after the original theft.

Olajide confirms this from operational experience, noting that stolen phones have been used to borrow money on platforms like OPay before the victim realises the device is gone.

“Immediately you lose your phone,” he says, “you go to the police station immediately or the day after. Because after someone takes your phone, they can use it to call another armed robber, they can steal your money, they can transfer from your OPay, they can use it to borrow money.”

3 industries, 1 broken chain

When a Nigerian whose phone has been stolen walks into a police station, the NBS data shows they are likely to be among the roughly 90% of victims who do report. What they encounter is a different statistic: a national phone recovery rate of 11.7%.

For every 100 phones reported stolen to the Nigerian police, fewer than 12 are returned to their owners. Officers at many stations are documented as demanding a mobilisation fee of ₦30,000 or more before initiating any tracking effort, placing the cost of investigation on the victim rather than on the state.

Only half of phone theft victims expressed satisfaction with the police response, with lack of confidence in any meaningful outcome cited as the most common reason others chose not to report at all.

The contrast with what a private tracker can achieve is stark. Mr Olajide puts his recovery rate at approximately 80%, and the reason for the gap, he explains, is structural rather than technological.

“Police are very busy. Their work is general duty,” he says. “A private tracker can go for four days, five days to somewhere to investigate before catching somebody. For the police, you are in one division, one command. If you go for three days, you have to report to your CO.”

The operational freedom a private tracker has, including the ability to cross state lines with police escort and interstate investigation documentation, is precisely what the formal system cannot easily replicate.

The tracking process itself begins with the IMEI number, a unique identifier embedded in every mobile device and recorded on the original packaging or purchase receipt.

“Immediately you give us the IMEI number, we put it inside the machine,” Mr Olajide explains. “Later, if they are not using it, the machine will tell you they are not using it. Immediately they start using it, it will call us. There will be a red alert: this phone, somebody is using it, this is the number the person is using, all the call logs, everything will be there.”

For victims without original packaging, a fairly used phone purchased with a receipt will also carry the IMEI on that document.

The implication of this 80-versus-11.7 gap is not simply that private trackers are more effective. It is that effective phone recovery in Nigeria is currently a service available primarily to those who can pay for it, while the official system, funded by public resources and available to everyone in theory, delivers results for barely one in ten victims.

The banking and fintech sector’s record on post-theft response is inconsistently documented but increasingly under regulatory scrutiny. A source has confirmed that several commercial banks are under review for repeated security failures and delays in fraud resolution following phone theft incidents, and that institutions found ignoring red flags or failing to activate account-protection protocols after receiving customer complaints will face regulatory consequences.

The timeline for enforcement remains publicly unspecified.

For victims pursuing financial recovery rather than physical recovery of their device, Mr Olajide describes a process that depends entirely on police documentation. “When somebody wipes money to some account, you give it to police. Police will put a DND on that account. Immediately the person enters the bank, they will hold them.” ‘

But the trigger for that freeze requires a police order, which in turn requires the victim to have filed a formal report and had it processed, creating a bureaucratic bottleneck at the precise moment speed matters most.

The telco dimension is structurally the most significant. Every SIM swap fraud begins with a verification failure at a mobile network operator’s retail outlet. A fraudster who successfully impersonates an account holder at an MTN, Airtel, Glo, or T2 branch gains control of the phone number that anchors the victim’s entire financial identity, after which the bank’s own authentication systems work against the customer rather than for them.

The Nigerian Communications Commission’s (NCC) Executive Vice Chairman Aminu Maida acknowledged in 2024 that there was currently no direct regulatory consequence for using a phone line to commit fraud and that the commission is developing regulations to address that gap. That process has not yet produced enforceable rules.

The most substantive regulatory response to date is the CBN’s mandatory device binding directive, taking effect on July 1, 2026, which requires financial institutions to bind customer accounts to specific registered devices, and the Telecom Identity Risk Management System, known as TIRMS, formalised through a memorandum of understanding between CBN Governor Olayemi Cardoso and NCC Executive Vice Chairman Maida.

TIRMS allows banks and fintechs to query in real time whether a phone number linked to a transaction has been recently swapped, flagged for suspicious activity, or gone inactive, closing the window that SIM swap fraudsters have historically exploited.

Both measures are meaningful advances. Neither addresses the 69,000 Nigerians whose phones are stolen today, in the months remaining before July 1, or whose institutions have not yet integrated with TIRMS infrastructure.

A data brief published by the National Institute for Legislative and Democratic Studies in January 2026 warned that SIM swap fraud, phishing, and insider collusion remain dominant threat vectors despite aggregate improvement in Nigeria’s fraud numbers and raised concern that a 34% drop in institutional fraud reporting in the fourth quarter of 2025 risked masking the true scale of ongoing losses rather than reflecting genuine reduction.

Nigeria’s mobile financial system was built on a specific promise: accessible, fast, and available to anyone with a smartphone, regardless of where they live or what bank branch is nearest to them. That promise delivered. Between 2020 and 2024, millions of Nigerians who had never held a formal bank account gained access to financial services through their phones.

What was not built at the same speed, with the same urgency, or with the same institutional commitment, was the infrastructure to protect those services when the device at the centre of the system disappears in 1.3 seconds.

The fraud ecosystem that fills that gap is organised, fast, and entirely aware of every seam in a system that is only now beginning to stitch itself closed.

For victims who cannot afford a private tracker and cannot wait for a police/court order to move through a slow chain of command, the window has almost certainly already closed.