AfricAI issued a press release, acknowledging a security breach of its fundraising page.
What initially began as a feature article on a crowd funding drive by AfricAI, the AI startup of the alternative Chabot ZivAI and Dan AI, after international sanctions banned them from using popular AI tools like ChatGPT has taken a dramatic turn. From a goodwill investor in AI development in Zimbabwe to an investigation into allegations of hacking, fraud, and industrial espionage involving AfricAI. This unexpected turn of events has cast a shadow over the company’s reputation and fundraising efforts.
This subsequent event emerged from a crowdfunding campaign in which AfricAI aimed to raise $50,000 but managed to amass over $24000 in three weeks. According to the crowdfunding memorandum of understanding (MOU), donors are “entitled to receive a proportional portion of 10% of the Company based on their contribution amount, upon Series [A] raise.
This is before AfricAI issued a press release on July 7th, acknowledging a security breach of its fundraising page. The company attributed the breach to an unauthorized individual by the name of Michael Dera, who works for a competing software development firm, gaining access by exploiting a vulnerability that allowed unauthorized access to their backer database hosted on Superbase. However, AfricAI assured the public that the donated funds are intact. Moreover they assured the public stating, “We have taken immediate action to address the situation and strengthen our security measures to prevent any such incidents in the future.”
Michael Dera, in his defense, was motivated by the motive to expose the company’s security deficiencies rather than conducting a hack. He revealed, in a call interview with Techcabal that the fundraising page had been sending people’s details without security measures. “If you opened the page, you noticed that apart from sending blank transactions, they were also sending people’s details, including emails and phone numbers, without any sort of security. I also noticed that because everything was exposed like that, I could also do a post request to their website as well.”
Dera inflated the figures on the website and on social media to prove the vulnerabilities. He shared a payload of the transactions he captured and underscored that some donations were fake as well as the number of backers. Dera’s claims were based on his observation that most donations were manually added to the funding platform, raising doubts about their authenticity.
With AfricAI’s reputation on the brink, Kuda Musasiwa, founder of AfricaAI acknowledged, the manual addition of transactions but clarified that it was necessary because some donors had sent funds via bank account rather than through the fan page. He provided evidence from his Stripe dashboard to Techcabal which matched the payment IDs provided by Dera. This raised the question as to whether Dera’s allegations could be false.
Dera maintained his stance until he could personally review Musasiwa’s stripe dashboard and committed to apologize if proven wrong. Regardless of that, the damage to AfricAI’s reputation and ability to more funds has been made. Musasiwa blames Dera’s actions on jealousy and industrial espionage considering he works for a rival company and is equally disappointed because Dera chose to tarnish their image instead of privately disclosing the vulnerabilities. Moving forward, ZivAI plans to enhance security measures across all platforms, including the funding page, and considers pursuing legal action against Dera. However, this path poses challenges for a startup still in need of funds for basic operations.
As far as the legal team is concerned, Dera says he hasn’t heard from them and if Musasiwa claims to be hacked he should take the initiative to report. “As far as I’m concerned, if I hacked their data, they’re supposed to report the incident to the UK Information Commissioner’s Office because that’s where their company is registered. GDRP requires that incidents like this be reported to them within 72 hours. Otherwise, there’ll be a financial penalty for that. The fact they have not done so speaks volumes.”
In a previous interview, Musasiwa had expressed confidence in the crowdfunding process stating that they encountered no challenges apart from convincing investors of the project’s validity which derailed their funding efforts. He continues to remain vigilant after the incident. “Part of building tech products is learning from your mistakes literally every day. This has been a very unfortunate and costly incident but we continue on our mission to try to build our platforms for the benefit of our users,” he concluded.
