According to a report by the Financial Times, the vulnerability in question had to do with discrepancies between the US and European financial systems. By exploiting this bug, anyone could initiate a transfer that would later be declined - prompting Revolut to refund money that was never transferred.
The company did not disclose specific information about the vulnerability in order to prevent further attempts, but it appears that the cyberattack did not use malicious software. The vulnerability was discovered in late 2021 and since then, Revolut has sought to follow the money trail.
It is believed that the company still had losses of around 20 million dollars (18.1 million euros).