Ekurhuleni Metropolitan Municipality, South Africa's third-largest metro, has become the epicenter of what investigators are calling one of the nation's most sophisticated municipal corruption scandals—a R2 billion fraud scheme enabled by catastrophic cybersecurity failures and insider complicity.

A forensic report by OMA Chartered Accountants, detailed by TimesLive, reveals how cybercriminals systematically compromised the municipality's SOLAR billing system to manipulate property debts, issue fraudulent rates-clearance certificates, and enable unlawful property transfers.

The breach's mechanics illustrate institutional rot at multiple levels. A former security consultant, Lucas Mhlonishwa Dhlamini, physically infiltrated municipal offices and connected a spy laptop containing malware, keylogging scripts, and remote-access tools to servers at the Kempton Park Customer Care Centre. The device also compromised the personal computer of former city manager Imogen Mashazi.

But the cyberattack succeeded primarily because Ekurhuleni's IT infrastructure was already fundamentally compromised. Forensic auditors discovered more than 60 shared administrator accounts across key servers—eliminating individual accountability and creating what one source described as "a fraudster's paradise." There were no audit trails for critical back-end record changes, meaning billing modifications could be made and erased without detection.

The municipality also failed to implement segregation of duties, allowing the same users to create, approve, and alter billing transactions. Despite repeated removal attempts, keylogging software persisted on municipal systems, harvesting credentials and administrative passwords.

The fraud scheme operated through a sophisticated network: municipal insiders and conveyancers paid approximately R40,000 per transaction to "billing solution providers" who manipulated the SOLAR system. This enabled illegal reduction of property debts owed to the city, fraudulent issuance of rates-clearance certificates, and unlawful fast-tracking of property transfers despite outstanding municipal debt.

One Springs conveyancing firm's payment, for example, resulted in manipulating a property account to allow transfer despite significant outstanding balances—transactions replicated hundreds of times across the metro.

The investigation has already claimed one life. Mpho Mafole, head of corporate and forensic audits, was murdered in 2025 while investigating this fraud alongside other sensitive probes into chemical toilet contracts and transit service corruption. His death underscores the stakes in confronting organized crime embedded within municipal structures.

Peter Paulos Moloko Monyepao, the municipality's Chief Information Officer, has been suspended and faces both disciplinary hearings and Hawks investigation. Business Connexion Group (BCX), the long-time IT service provider with deep system access, acknowledged "unauthorized activities" but has stopped short of admitting staff involvement—a response critics call inadequate given BCX's oversight responsibilities.

The confirmed losses already reach hundreds of millions of rand, with potential exposure exceeding R2 billion. Yet the scandal's significance transcends the monetary theft.

In South Africa, as across post-conflict societies, the journey from apartheid to true equality requires generations—and constant vigilance. The Ekurhuleni cyberheist exposes how institutional decay and compromised governance enable organized crime to systematically loot public resources meant for service delivery to historically marginalized communities.

Sixty shared administrator accounts. No audit trails. A murdered investigator. These are not technical failures—they are symptoms of deeper governance collapse, the same patterns that enabled state capture under the Zuma administration. Ekurhuleni's residents, already burdened by inadequate services and infrastructure decay, now discover that billions meant for municipal improvements have been systematically stolen through a conspiracy of insiders, cybercriminals, and negligent service providers.

The question facing South Africa's democratic institutions is whether accountability will follow exposure. The Hawks investigation continues, but past experience suggests prosecutions may be protracted and convictions elusive. Meanwhile, Ekurhuleni's billing system remains compromised, and the broader question looms: how many other municipalities face similar systematic theft masked by deliberately weakened cybersecurity?

In a nation still struggling with electricity provision, water scarcity, and service delivery protests, the Ekurhuleni scandal demonstrates how corruption and governance failures compound inequality—stealing not just money, but the democratic promise of a government accountable to its citizens.