Yes, but this has always been an issue for any service that allows you to find your contacts. It’s not a privacy issue per se, since you have to consent and the other person needs to know your number to see (just like look up by email with Twitter). iMessage rats you out in the same way, and attackers can use that method to target phishing scams towards Apple customers, it’s been known to happen. The same technique has also been used to target phishing texts and emails towards PayPal customers. It’s a standard industry-wide implementation.
Monzo does the same thing, although they don’t show the contacts mobile number in app, so it’s harder to know which user belongs to which mobile number using that script method. They are the only financial app I’m aware of it that obscures it in that way though.
There are methods Revolut can use, such as not showing the phone number in app, or using usernames instead for the services that require you to be identified by mobile number.
But this utility has always existed with service providers, and in turn this exploit has always existed with them. The usability trade off to prevent a rate case of targeted phishing isn’t usually worth it, and the method is actually more privacy friendly than alternatives. Revolut probably can and should do more to obscure the identifiable info so it’s harder for the bad guys identity which contacts are Revolut users, but that’s not going to put an end to phishing.
If it concerns you with Revolut, it should concern you with others who have an identical feature, and in some instances, you don’t even have a choice of opt in or opt out. It’s not a feature I’ve ever needed to use with any service, so I’ve never turned it on. The only exception is with iMessage, as that’s not a possibility.
To avoid any confusion, this is the setting you need to turn off (disallowing contacts access won’t turn it off):