How Revolut lost $23 million to a vulnerability in its system


Revolut has lost $23 million as cybercriminals have exploited a bug in the bank’s operation.

Revolut is one of the most popular and successful digital banking apps on the market. It offers its users a free Visa card, with which they can pay in any currency without commissions, and a series of innovative and attractive financial services.

However, the company has recently suffered a serious security incident that has cost it 23 million dollars. This situation occurred in 2021, but it has not been until now in the middle of 2023 that what has happened has been made public.

According to a Financial Times investigationRevolut was hacked in early 2021 by a group of cybercriminals that took advantage of a failure in their payment systems to make refunds after having made rejected transactions.

These refunds were then withdrawn by cybercriminals at ATMs, causing Revolut to lose this money. Furthermore, these criminal groups had started inciting more groups to make high-value purchases and then withdraw erroneous refunds.

The Revolut hack: what happened and how it was discovered

Despite recovering a very small fraction of that money by tracking down some of those involved, the fintech lost some $23 million net, equal to almost two-thirds of its annual net profit in 2021.

The flaw was first detected in late 2021 and escalated in early 2022, when criminals encouraged customers to make very high purchases that would later be rejected. These payments would later be withdrawn in cash via ATM redemption.

The fraud came from Revolut’s own funds and not from customer accounts, according to anonymous sources. The fintech’s internal controls were unable to stop the massive theft, and the problem was discovered when a partner bank in the US alerted the entity that it had less cash than expected, the Financial Times reported.

Given the seriousness of the events, which affect the reputation and security of the company, no spokesperson for the financial company has wanted to comment or give explanations. The loss from theft was not specifically reflected in the 2021 results.

The company has also seen a number of high-level workers leave in recent months, including the chief executive of its British bank, James Radford, and chief financial officer, Mikko Salovaara. Joel Kass, HR director and head of banking products for the UK bank, will also be leaving soon.