so it seems they hacked his sim card, thus where able to login to revolut on his behalf. once that is done the rest is peanuts. they saw the ubs credit card registered for auto topup. then removed the 15000 limit (they had full revolut access). then started transferring money (dirham apparently) to some other place: perhaps a bank account somewhere or used the revolut credit card number (which is shown in the app, including cvv) to upload another service who knows.
i guess the key takeaway is: getting your sim card hacked is horrible. and ok, registering another credit card for auto topup is not the best idea either…
So from a security point of view is seems important to avoid any sim hacks. which might be resolved by having (a) dedicated sim card(s) for any (each?) of these online services…?!