U.S. ATM jackpotting cash-out wave
Exploitation Wave
Summary
Hide ▲
Show ▼
ATM jackpotting is intensifying across the U.S., with 1,900 incidents since 2020 and more than $20 million lost in 2025. The wave shows attackers repeatedly compromising cash machines for fast, unauthorized cash-outs rather than isolated fraud. The abuse relies on physical access, specialized malware such as Ploutus, and commands sent through XFS on Windows-based ATMs. The scale and speed of the thefts make exposed machines a continuing high-risk target.
Related Happenings
U.S. consumers saw a surge in crypto ATM scam losses in 2025
Target Trend
First: 19.05.2026 22:45
Last: 19.05.2026 22:45
Sources 1
About this happening:
Law-enforcement complaint data shows **crypto ATM/cryptocurrency kiosk scams** drove sharply higher losses across **U.S. consumers** in **2025**, increasing the risk of large, irr...
U.S. consumers saw a surge in crypto ATM scam losses in 2025
Target TrendAbout this happening: Law-enforcement complaint data shows **crypto ATM/cryptocurrency kiosk scams** drove sharply higher losses across **U.S. consumers** in **2025**, increasing the risk of large, irr...
Minnesota statewide crypto kiosk ban
Public Sector Action
First: 19.05.2026 22:45
Last: 19.05.2026 22:45
Sources 1
About this happening:
Earlier this month, **Minnesota lawmakers** **banned cryptocurrency kiosks statewide**, tightening access to a payment channel commonly used in **crypto ATM scams**. The restricti...
Minnesota statewide crypto kiosk ban
Public Sector ActionAbout this happening: Earlier this month, **Minnesota lawmakers** **banned cryptocurrency kiosks statewide**, tightening access to a payment channel commonly used in **crypto ATM scams**. The restricti...
Tren de Aragua members charged in ATM jackpotting case
Law Enforcement
First: 20.02.2026 12:08
Last: 20.02.2026 12:08
Sources 1
About this happening:
The U.S. Department of Justice charged **87 Tren de Aragua members** over the past **six months** in a case tied to **ATM jackpotting** and **Ploutus malware**. The charging actio...
Tren de Aragua members charged in ATM jackpotting case
Law EnforcementAbout this happening: The U.S. Department of Justice charged **87 Tren de Aragua members** over the past **six months** in a case tied to **ATM jackpotting** and **Ploutus malware**. The charging actio...
FBI ATM jackpotting mitigation guidance
Advisory/Mitigation
First: 20.02.2026 10:05
Last: 20.02.2026 10:05
Sources 1
How related:
The agency has outlined a long list of recommendations that organizations can adopt to mitigate jackpotting risks.
About this happening:
The **FBI** has issued mitigation guidance for **ATM jackpotting**, aiming to reduce cash-out risk across deployed **ATM devices**. The recommendations focus on **physical securit...
FBI ATM jackpotting mitigation guidance
Advisory/MitigationHow related: The agency has outlined a long list of recommendations that organizations can adopt to mitigate jackpotting risks.
About this happening: The **FBI** has issued mitigation guidance for **ATM jackpotting**, aiming to reduce cash-out risk across deployed **ATM devices**. The recommendations focus on **physical securit...
Ploutus malware in nationwide ATM jackpotting operation
Malware Activity
First: 27.01.2026 18:27
Last: 27.01.2026 18:27
Sources 1
How related:
The jackpotting attacks involve the use of specialized malware, such as Ploutus, to infect ATMs and force them to dispense cash.
About this happening:
The **Ploutus** malware was used in a **nationwide ATM jackpotting operation** that drained cash from **bank and credit union ATMs across the United States**, raising theft and co...
Ploutus malware in nationwide ATM jackpotting operation
Malware ActivityHow related: The jackpotting attacks involve the use of specialized malware, such as Ploutus, to infect ATMs and force them to dispense cash.
About this happening: The **Ploutus** malware was used in a **nationwide ATM jackpotting operation** that drained cash from **bank and credit union ATMs across the United States**, raising theft and co...
Latest development: 20.02.2026 10:05
The FBI warned that ATM jackpotting incidents across the U.S. have increased, citing more than $20 million lost in 2025, 1,900 reported incidents since 2020, and about $40.73 million collectively lost since 2021. The bulletin says attackers use Ploutus and similar malware to gain access to ATMs, exploit XFS on the underlying Windows operating system, and force cash-outs, and it recommends stronger physical security, security cameras, threat sensors, lock changes, device auditing, default-credential resets, device allowlisting, automatic shutdown on indicators of compromise, and logging.
Timeline
-
20.02.2026 10:05 3 articles · 3mo ago
FBI warns of rising ATM jackpotting across the U.S.
Initial DisclosureThe FBI warned U.S. ATM operators and financial institutions about a rise in ATM jackpotting, citing more than $20 million in losses during 2025, 1,900 reported incidents since 2020, and 700 incidents in the prior year. The bulletin said threat actors exploit physical and software vulnerabilities in ATMs, use malware such as Ploutus to force cash dispensing without a legitimate transaction, and recommended physical hardening, device audits, default-credential changes, automatic shutdown on compromise indicators, device allowlisting, and logging.
Show sources
- FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025 — thehackernews.com — 20.02.2026 10:05
- FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025 — thehackernews.com — 20.02.2026 10:05
- Jackpotting Surge Costs Banks Over $20m, Warns FBI — www.infosecurity-magazine.com — 23.02.2026 12:30