Urgent Advisory: Hackers Steal $20 Million by Exploiting Flaw in Revolut’s Payment Systems

Date: 10/07/2023 

Link: The Hacker News

Introduction 

We would like to bring to your attention a significant security breach that has affected Revolut’s payment systems. Malicious actors successfully exploited an unknown flaw within the system, resulting in the theft of over $20 million from the company’s funds.

The incident occurred in early 2022 but has only recently been reported, with details provided by anonymous sources to the Financial Times. Revolut has not publicly disclosed the breach. 

Incident Details 

The total amount stolen in this mass fraud scheme is estimated at around $23 million. Some of the funds were recovered through efforts to pursue those who withdrew cash.

However, Revolut still incurred a net loss of approximately $20 million. The company is actively working to address the vulnerability and secure its payment systems to prevent similar incidents from occurring in the future. 

Recent Developments 

Last week, Interpol announced the arrest of a suspected senior member of a French-speaking hacking group known as OPERA1ER. This group has been linked to various attacks targeting financial institutions and mobile banking services.

Their tactics include the use of malware, phishing campaigns, and large-scale Business Email Compromise (BEC) scams.

While it is unclear whether there is a direct connection between this hacking group and the breach at Revolut, it underscores the ongoing threat posed by cybercriminals to the financial sector.

Recommended Actions

  • Revolut customers are advised to monitor their accounts closely for any suspicious activity and report any unauthorised transactions immediately to the company.
  • All financial institutions and fintech companies are encouraged to review their own security systems and protocols to ensure robust protection against potential vulnerabilities and attacks.
  • Stay vigilant against phishing attempts and educate employees and customers about the risks of social engineering tactics used by cybercriminals.
  • It is crucial for organisations to prioritise security measures and remain proactive in safeguarding their systems and customer data.

References 

Risk Crew