Organized criminals exploited an unknown flaw in the company's payment system over several months in 2021 and 2022, before it was eventually addressed in spring 2022.
The technical flaw arose due to disparities between the European and US payment systems. In certain cases, transactions were incorrectly refunded when declined, causing Revolut to inadvertently distribute its own money.
Criminal gangs allegedly capitalized on this flaw by encouraging individuals to attempt large purchases that would inevitably be declined, allowing the refunded sums to be withdrawn via ATMs.
The illicit activities remained undetected until a partner bank in the US raised an alert over discrepancies in cash holdings. After realizing the issue, Revolut's US subsidiary requested substantial cash injections from its parent company in the UK.
About $23 million was stolen in total, with some funds recovered by pursuing those that had withdrawn cash, resulting in a net loss of about $20 million, the FT added.
Currently, Revolut hasn't commented anything regarding the matter.