Bad actors exploited an unknown weakness in Revolut’s payment system to steal more than $20 million of company funds in early 2022.
That development reported by the Financial Times, citing several unnamed sources familiar with the incident. The violation has not been disclosed to the public.
The error stems from a discrepancy between Revolut’s US and European systems, which caused funds to be erroneously returned using its own money when some transactions were rejected.
The problem was first detected in late 2021. But before it was closed, the report said organized criminal groups took advantage of the loophole by “encouraging individuals to attempt to make costly purchases which would then be rejected.” The amount returned will then be withdrawn from the ATM.
The exact technical details related to the defect are currently unclear.
🔐 PAM Security – Expert Solution to Secure Your Sensitive Accounts
This expert-led webinar will equip you with the knowledge and strategies you need to change your privileged access security strategy.
A total of some $23 million was stolen, with some of the funds recovered by going after those who had withdrawn the cash. The mass fraud scheme is said to have resulted in a net loss of around $20 million for the neobank and fintech company.
The revelations come less than a week after Interpol announced the arrest of a suspected senior member of a French-language hacking crew known as OPERA1ER, which was linked to attacks targeting financial institutions and mobile banking services with malware, phishing campaigns and a large Business Email Compromise Fraud (BEC). ) large scale.