Two European clubs fall victim to cyber fraud during player transfer as FIFA and CAS step in

The case escalated to legal proceedings.

Details: A highly unpleasant situation unfolded involving Croatian side Rijeka and Hungarian club Ferencváros during the 2021 transfer window. At the time, the Hungarian club transferred money for the signing of defensive midfielder Stjepan Lončar to a fraudulent account after hackers breached Rijeka's email system.

As a result of this incident, both Rijeka and Ferencváros lost the funds, which ended up in the hands of cybercriminals.

Initially, FIFA sided with the Croatian club and ordered Ferencváros to pay the full transfer fee again, stating that the payer bears responsibility for the situation. However, the Hungarian club disagreed with this ruling and appealed to the CAS.

• See also: Al Ahly vs Ceramica Cleopatra prediction, H2H and probable lineups - September 19, 2025

Now, four years later, the CAS has overturned FIFA's decision, concluding that both clubs were negligent and that this negligence led to the losses:

• Ferencváros ignored clear warning signs: a Spanish bank account for a Croatian club, discrepancies with the data in the FIFA TMS system, and an alert about a fake email address.
• Rijeka also acted carelessly: failing to respond to a direct warning about the fraudulent domain, not confirming the payment in FIFA TMS, and using unofficial communication channels in violation of the contract.

As a result, the CAS ruled that the losses should be split 50/50, obliging Ferencváros to pay only half the sum—€498,750.

Reminder: "Maybe one day the federation will apologize." Guardiola revisits his doping scandal