Warning to Revolut customers after £200k stolen from two accounts and they didn't get it back

A warning has been issued to the millions of people who now use online banking service Revolut after £200,000 was stolen from customers.

With over 30 million users, the London-based neobank offers its services to both ordinary folk and businesses. As well as banking it offers currency exchange, debit and credit cards, stock trading and even crypto.

But the company has had to issue a stark warning to its customers after hundreds of thousands of pounds was nicked from a couple of accounts.

The money was stolen from two business accounts via unauthorised access, taking the money out of the accounts and transferred to HSBC accounts before Revolut detected the breach.

One account had £165,000 taken, rendering the business on the brink of bankruptcy, Which? reports. The other breach saw £40,000 stolen in just 10 minutes.

The money will not be given back to the customers by Revolut, the bank has said, as multi-factor authentication checks were completed. But it will be strengthening its cyber security policies going forward.

The man running the business that was gutted of £165k told Which? he was called on a private number by someone purporting to be from Revolut's fraud protection team.

JUSTIN TALLIS/AFP via Getty Images

He said: "The caller says they are from the Revolut fraud protection team and explains that there have been suspicious transactions on my account. They think my account has been compromised.

"Initially, they ask quite a lot of questions, about anyone having access to the account. No one else did have access. Throughout the call they applied pressure and kept passing me to different 'departments' in the company."

No phone call arrived, instead he was emailed from Revolut to confirm login from an unknown device.

The businessman was told to reply to this request with the words 'block request' before removing and then reinstalling the app. This triggered a security code sent by text, which he shared to reset his security details.

But the reality of the situation was that these steps gave the criminals the ability to pass one of Revolut's security checks, though it remains entirely unclear how they were also able to provide the 'selfie' photo that enabled them to take over the account.

Nikos Pekiaridis/NurPhoto via Getty Images

A Revolut spokesperson said: "We are sorry to hear of (these) cases and any instance where our customers have been targeted by ruthless and sophisticated criminals. Each potential fraud case concerning a Revolut customer is carefully investigated and assessed independently of other cases. We are aware of a recent increase in advanced Account Takeover (ATO) scam attempts by criminals across the industry.

"We are continuously strengthening our fraud controls to stay one step ahead of this trend, introducing further direct interventions and sharing educational materials with our customers so they are able to spot the social engineering tactics of criminals."