Revolut’s Payment Systems Hacked: $20 Million Stolen: In early 2022, hackers managed to exploit a flaw in Revolut’s payment systems, leading to the theft of over $20 million from the company.
The incident, which was not publicly disclosed, involved the manipulation of funds through a discrepancy between Revolut’s U.S. and European systems.
This breach highlights the vulnerability of financial institutions to organized criminal groups seeking to exploit weaknesses in payment systems.
Key Takeaways to Revolut’s Payment Systems Hacked:
Table of Contents
- Exploited flaw: Hackers targeted Revolut’s payment systems, taking advantage of an undisclosed vulnerability and causing a loss of approximately $20 million.
- Organized criminal groups: The breach was carried out by organized criminal groups that capitalized on the flaw by encouraging individuals to make expensive purchases, leading to erroneous refunds that were subsequently withdrawn from ATMs.
- Ongoing cyber threats: The incident comes shortly after the arrest of a suspected senior member of a hacking crew associated with attacks on financial institutions and mobile banking services, underscoring the persistent risks faced by the financial sector.
Revolut’s Payment Systems
Undisclosed breach and financial loss In early 2022, malicious actors successfully exploited a flaw in Revolut’s payment systems, resulting in the theft of over $20 million from the company.
The breach was not publicly disclosed and was reported by the Financial Times, citing anonymous sources.
Discrepancies between U.S. and European systems
The root cause of the breach was a discrepancy between Revolut’s U.S. and European payment systems. This discrepancy led to funds being refunded erroneously using the company’s own money when certain transactions were declined.
The exploitation of the flaw by criminal groups
Although the problem was initially detected in late 2021, it was not resolved in time.
During this period, organized criminal groups took advantage of the loophole by encouraging individuals to make expensive purchases that were likely to be declined. The refunded amounts were then withdrawn from ATMs, resulting in significant losses for Revolut.
Lack of technical details
Specific technical details regarding the flaw and the exploitation method used by the hackers have not been disclosed, leaving the exact nature of the vulnerability unclear.
Financial Impact and recovery efforts
The total amount stolen was approximately $23 million, with some funds recovered through efforts to track down those who had withdrawn cash. Nonetheless, the mass fraud scheme caused a net loss of around $20 million for Revolut.
Connection to recent cybercrime arrest
The revelation of this breach comes shortly after Interpol announced the arrest of a suspected senior member of OPERA1ER, a French-speaking hacking crew known for targeting financial institutions and mobile banking services.
OPERA1ER has been involved in various cyberattacks utilizing malware, phishing campaigns, and large-scale Business Email Compromise (BEC) scams.
Conclusion
The breach in Revolut’s payment systems serves as a stark reminder of the ongoing threats faced by financial institutions from organized criminal groups.
With cybercrime becoming increasingly sophisticated, it is crucial for companies in the financial sector to continuously enhance their security measures and remain vigilant against potential vulnerabilities.
