Revolut’s Payment Systems Exploited Hackers Steal $20 Million

In an unfortunate turn of events, malicious actors took advantage of an undisclosed vulnerability in Revolut’s payment systems, resulting in the unauthorized transfer of over $20 million from the company’s funds in early 2022.

The incident came to light through reports from the Financial Times, which relied on insights from various undisclosed sources familiar with the matter. It is worth noting that Revolut has not publicly disclosed the breach.

The fault in the system originated from discrepancies between Revolut’s U.S. and European systems. As a result, the company mistakenly refunded funds using its own money when certain transactions were declined.

In late 2021, the system detected a problem, but unfortunately, it remained unresolved. According to the report, organized criminal groups capitalized on this loophole by actively encouraging individuals to make expensive purchases that were anticipated to be declined. Subsequently, these individuals would withdraw the refunded amounts from ATMs.

The specific technical details regarding the flaw remain unknown at present.

Criminals managed to steal a total of approximately $23 million, although authorities were able to recover some of the funds by taking action against those who had withdrawn the cash.The overall impact of this widespread fraudulent scheme resulted in a net loss of around $20 million for the neobank and fintech company.

This disclosure follows the recent announcement by Interpol regarding the arrest of a suspected high-ranking member of OPERA1ER, a hacking group primarily active in French-speaking regions. The group has been linked to various attacks targeting financial institutions and mobile banking services using methods such as malware, phishing campaigns, and large-scale Business Email Compromise (BEC) scams, according to The Hacker News, for more update