Early in 2022, malicious actors took advantage of an undiscovered weakness in Revolut’s payment infrastructure to steal more than $20 million from the business.
The Financial Times reported the situation and cited numerous unnamed sources who were aware of the occurrence. The breach hasn’t been made publically known.
The problem was caused by differences between Revolut’s European and American systems, which led to funds being mistakenly repaid with company funds when some transactions were denied.
Initially, the issue was discovered in late 2021. However, the study claimed that before it could be closed, organised criminal gangs took advantage of the flaw by “encouraging people to try to make expensive purchases that would later be declined.” The refunded sums were then taken out of ATMs.
There is currently uncertainty on the flaw’s precise technical specifications.
In total, almost $23 million was stolen; some of the money was recovered by pursuing cash withdrawal suspects. According to reports, the neobank and fintech company suffered a net loss of roughly $20 million as a result of the widespread fraud scheme.
The information was made public less than a week after Interpol revealed the arrest of a suspected senior member of the French-speaking hacker group OPERA1ER. OPERA1ER has been connected to attacks on financial institutions and mobile banking services using malware, phishing scams, and massive Business Email Compromise (BEC) scams.