Revolut, a financial firm regulated by the Bank of Lithuania, has reportedly lost £20m to cyber criminals who exploited flaws in the company’s payment systems. The criminals slowly drained funds from Revolut over several months in 2021 and the issue was only identified and corrected by a US-based partner in Spring 2022. However, by that time, significant damage had already been done. The faulty system also led to Revolut’s central payment system refunding its own funds, potentially impacting the company’s profits by the end of this year. Experts believe that an organized criminal gang exploited a vulnerability in the gateway and encouraged hired criminals to make expensive purchases that were later declined, allowing them to claim refunds from ATMs. It is important to note that Revolut is not a recognized bank in the UK and is therefore not eligible for the Financial Services Compensation Scheme.
Key Points:
1. Revolut, a financial firm regulated by the Bank of Lithuania, has lost £20m to cyber criminals.
2. The criminals exploited flaws in Revolut’s payment systems to slowly drain funds over several months in 2021.
3. A US-based partner identified and corrected the issue in Spring 2022, but significant damage had already been done.
4. The faulty system also led to Revolut’s central payment system refunding its own funds, potentially impacting profits.
5. Experts believe that an organized criminal gang exploited a vulnerability in the gateway and encouraged hired criminals to make expensive purchases, later claiming refunds from ATMs.