A payment flaw in Revolut’s US service allowed criminals to steal millions of dollars over several months, the Financial Times (FT) reported.
The loophole, which impacted the fintechs’ payment systems in the US, arose from the different payment systems between Europe and the US. According to the FT, when transactions were declined, Revolut would mistakenly refund accounts with the company’s money.
Organized crime groups have exploited the flaw since early 2022, with net losses exceeding $20 million. FT claims that this makes up two-thirds of Revolut’s 2021 net profit.
The scheme involved purchasing expensive goods, knowing that the payment would be declined and later reimbursed by the company. However, the exact details of the flaw are unclear as the incident hasn’t been publicly disclosed.
The company told Cybernews that they “will not be commenting” on the issue.
Last year, Revolut dealt with a highly targeted cyberattack that could have affected over 50,000 customers. The fintech, licensed and regulated by the Bank of Lithuania within the European Union, disclosed the breach to the Lithuanian State Data Protection Inspectorate.
A 2021 Revolut bug caused fears of a hack after user account pictures changed to depict random people instead of the account’s owners.
Revolut boasts over 30 million personal users and 500,000 business users worldwide, with operations supported in over 200 countries and regions. The company employs over 6,000 staff and had a revenue of $375 million in 2022.
More from Cybernews:
Subscribe to our newsletter