The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been publicly disclosed.
The mistake arose due to inconsistencies between Revolut’s US and European systems, which caused some transactions to be declined and erroneously refunded using their own money.
The problem was first detected in late 2021. But before it could be shut down, the report said organized criminal groups “encouraged individuals to try to make expensive purchases that would be denied.” Then the refunded amount will be withdrawn from the ATM.
The exact technical details associated with the fault are currently unclear.
In total, approximately $23 million was stolen, some of which was recovered by chasing down the cash seekers. The massive fraud scheme is said to have resulted in net losses of around $20 million to the neobank and fintech firm.
The disclosure comes less than a week after Interpol announced the arrest of a suspected senior member of a French-speaking hacking team called OPERA1ER, which has been involved in large-scale malware, phishing campaigns and attacks aimed at financial institutions and mobile banking services, has been involved in. got included in Scale Business Email Compromise (BEC) scams.