A loophole in Revolut’s payment system in the US was exploited by criminals who may have stolen more than $20m (£15.6m) last year.
First reported by the Financial Times, sources close to the situation said the incident stemmed from a difference between the Revolut payment systems in the US and Europe.
The difference meant that when certain transactions were declined, the user would receive a refund from Revolut, despite not sending any money.
Revolut addressed the situation last year. However, it was not able to fully recover the funds taken from it, ultimately losing out on a figure two-thirds the size of its first full year of profit (£26.3m) reported earlier this year.
The funds that were stolen were from Revolut’s own corporate finances and did not affect any customers.
Revolut declined to comment on the situation.
The fraud reveal comes as Revolut faces major regulatory hurdles in the UK as it awaits a decision on its banking licence application from the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA).
The fintech unicorn has struggled to secure regulatory approval for banking services in the UK and is currently facing scrutiny over an audit from BDO that stated it could not verify three-quarters of the company’s most recently reported revenue.
Amid the regulatory difficulties, the firm saw its valuation cut by 40% from $33bn down to $19.8bn earlier this year.
Despite this, Revolut – one of Britain’s most valuable fintech companies – continues to roll out new features and hit 30 million customers globally.