/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

Revolut lost $20 million to criminals exploiting payment loophole

Malicious actors exploited a fault in Revolut's payment prcoessing system to steal more than $20 million from the financial super app in 2022, the FT has reported.

  3 Be the first to comment

Revolut lost $20 million to criminals exploiting payment loophole

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The fault stemmed from discrepancies between Revolut's US and European systems, causing funds to be erroneously refunded using its own money when some transactions were declined, says the FT, citing multiple anonymous sources.

Organized criminal gangs exploited the loophole by "encouraging individuals to try to make expensive purchases that would go on to be declined." The refunded amounts would then be withdrawn from ATMs.

The fault was detected in late 2021 by a partner bank to Revolut in the US, and was corrected in Spring 2022.

About $23 million was withdrawn in total, with some funds recovered by pursuing those who had withdrawn cash.

Revolut has yet to comment on the breach.

Sponsored [Webinar] PREDICT 2025: The Future of Faster Payments in the US

Related Company

Comments: (0)

[Webinar] Operational Resilience in the age of DORAFinextra Promoted[Webinar] Operational Resilience in the age of DORA