Malicious actors exploited an unknown flaw in Revolut’s payment system to steal more than $20 million in the company’s funds in early 2022.
The development was reported by the Financial Times, citing multiple anonymous sources familiar with the incident. This violation has not been made public.
The outage was due to a discrepancy between Revolut’s US and European systems, which caused funds to be incorrectly returned with their own funds when some transactions were declined.
The issue was first discovered at the end of 2021, but the report said organized crime groups had taken advantage of a loophole that “invites individuals to make expensive purchases that would result in them being turned down” and exploited it before it was shut down. Stated. The refunded amount will be withdrawn from the ATM.
The exact technical details related to this flaw are unknown at this time.
🔐 PAM Security – Expert Solutions to Secure Sensitive Accounts
Gain the knowledge and strategies you need to transform your privileged access security strategy in this expert-led webinar.
reserve a spot
A total of about $23 million was stolen, and some of the money was recovered following the tracing of those who withdrew the cash. The massive fraud scheme is said to have cost the neobank and fintech company about $20 million in net losses.
The disclosure comes less than a week after Interpol announced the arrest of a suspected leader of a French-speaking hacking group known as OPERA1ER. OPERA1ER has been linked to malware, phishing campaigns, and large-scale attacks targeting financial institutions and mobile banking services. – Scale Business Email Compromise (BEC) fraud.
