A vulnerability in Revolut’s payment systems leads to a $20M theft.

An unknown threat actor has exploited an undisclosed flaw in fintech firm Revolut’s payment processing service and stole roughly $23 million from the company.

As per Financial Times, the issue was related to discrepancies between Revolut’s European and US payment systems, which led to Revolut mistakenly refunding the accounts with its funds when transactions were declined.

The criminals behind this massive fraud scheme have been taking advantage of the bug from late 2021 to early 2022 when the problem was discovered and addressed. Revolut had managed to recover only a fraction of the stolen funds, resulting in a net loss of about $20 million.