Revolut, the prominent neo-bank and fintech firm, fell victim to a massive theft of more than $20 million due to the exploitation of an undisclosed flaw in its payment systems.
The incident originated from discrepancies between Revolut’s US and European systems, causing funds to be incorrectly refunded using the company’s money when certain transactions were declined.
Although the issue was initially detected in late 2021, organised criminal groups took advantage of the loophole by encouraging individuals to make expensive purchases that were ultimately declined. The refunded amounts were then withdrawn from ATMs, as reported by the Financial Times.
The specific technical details regarding the flaw remain unclear, leaving Revolut to address the vulnerability and enhance its security measures.
Approximately $23 million was stolen, but efforts were made to recover the funds by pursuing those responsible for withdrawing the cash. Nevertheless, the mass fraud scheme left Revolut with a net loss of approximately $20 million.
This disclosure follows closely on the heels of Interpol’s recent announcement regarding the arrest of a suspected high-ranking member of the OPERA1ER hacking group, predominantly known for targeting financial institutions and mobile banking services using malware, phishing campaigns, and large-scale Business Email Compromise (BEC) scams.
Revolut has not issued an official statement in response to the news report by the Financial Times. This is not the first time that Revolut has faced a cyberattack: the company has dealt with a few cybersecurity challenges in the past, including a targeted cyberattack and other technical issues.
In June, a Spanish bank, Globalcaja, faced a ransomware attack by a notorious ransomware group called Play. In April, a misconfigured ICICI Bank cloud storage leaked 3.6 million records online.
Banking authorities and transaction gateways are more likely to be the target of hacking groups. They are advised to take security protocols seriously.