Why We Backed Cleafy Again
March 12th, 2026
On co-leading the €12M Series B alongside eCAPITAL
Most fraud prevention in banking is built around a single question: does this transaction look suspicious? It is a reasonable question. It is also asked too late.
By the time a fraudulent payment is processed, the attacker has already completed the hard work: the reconnaissance, the infrastructure assembly, the trial runs, the exploitation of a compromised session. Transaction-layer detection catches the final step of a structured campaign and calls it fraud prevention. What it actually captures is the confirmation that damage has occurred.
This is the gap Cleafy was built to close.
Founded in 2014 by Matteo Bogana, Nicolò Pastore, and Carmine Giangregorio, three technologists with backgrounds in cybersecurity rather than in the fraud establishment, Cleafy approaches banking fraud as what it actually is: a cyberattack with a kill chain. The platform reconstructs how attacks form across sessions, devices, and channels in real time, identifying hostile infrastructure and attacker intent before any fraudulent transaction is attempted. The question it answers is not “does this payment look anomalous?” but “is there an active attack in progress, and at what stage?”
The architecture follows from that question, and building it required stepping entirely outside the assumptions of the incumbent fraud industry.
When we led Cleafy’s Series A in 2023, the thesis was clear: a team with genuine cybersecurity depth had identified a structural blind spot in how banks defend themselves, and had built a detection architecture that the existing market could not replicate. What convinced us then was not only the technology but the early proof of product-market fit: 100 million users protected, and a retention rate that held at 100%.
The decision to back Cleafy again in this Series B was grounded in what has happened since. The user base has grown to 250 million across more than 150 financial institutions in Europe and Latin America. Customer churn remains zero. Banks that shift from reactive transaction scoring to upstream attack detection do not go back, and Cleafy’s numbers make that plain.
This round also brings in eCAPITAL as co-lead, and that matters beyond the capital. eCAPITAL is an experienced deep tech and cybersecurity investor, with a portfolio that includes several European companies working on critical infrastructure protection. Their decision to lead this round alongside us reflects a shared conviction about where the European security landscape is heading, and adds an international dimension to Cleafy’s backing that strengthens the company’s credibility as it scales.
The broader context is worth naming. Critical infrastructure protection has become one of the defining topics in European technology and policy. DORA and NIS2 are raising the bar for what financial institutions are required to demonstrate in terms of resilience, and the geopolitical environment has sharpened attention on the security of systems that European economies depend on. Cleafy’s work sits squarely in this space: protecting the financial infrastructure that underpins daily economic life, with a technology approach sophisticated enough to match the threat.
With this round, the company accelerates on three fronts: expanding its global threat intelligence network through Cleafy Labs, which has already identified more than 60% of known global banking malware; entering new markets in DACH and Asia-Pacific; and extending its detection capabilities inside the enterprise with Cleafy for Workforce, which applies the same attack-centric approach to insider threats and compromised accounts within corporate systems.
We are proud to continue the partnership with Matteo and the team as they move into this next chapter.
