The FBI has issued a warning regarding a significant rise in ATM jackpotting, noting that over twenty million dollars was stolen in 2025 alone. These attacks involve criminals physically tampering with machines to install malware that forces the hardware to dispense cash without requiring a bank card or account authorization.
ATM jackpotting has become a growing threat in the United States, with reports indicating nearly two thousand incidents since 2020. The pace of these attacks accelerated sharply in 2025, accounting for a large portion of the total occurrences and resulting in tens of millions of dollars in collective losses over the past several years. Federal authorities have highlighted that these crimes are particularly damaging because they bypass the standard security protocols used to verify legitimate financial transactions.
The process typically begins with criminals gaining physical access to the interior of an ATM, often by using generic keys that are easily obtained. Once inside, they deploy specialized malware, such as the Ploutus strain, by either tampering with the existing hard drive or replacing it with one preloaded with malicious software. This malware is designed to communicate directly with the machine's internal operating system, allowing it to function independently of the bank's central network or any individual customer's account data.
The technical core of the attack relies on exploiting the software layer that bridges the gap between the ATM's computer and its physical mechanical parts. By sending unauthorized commands to this specific interface, the malware can trigger the cash dispenser on demand. Because many different ATM manufacturers use similar underlying operating systems, a single version of the malware can often be used against a wide variety of machines with minimal adjustments, making it a highly versatile tool for cybercriminals.
Detection of these incidents is notoriously difficult because the cash-out process happens within minutes and does not involve stolen card data that might trigger traditional fraud alerts. The FBI noted that the malware gives threat actors complete control over the machine, often leaving the theft unnoticed until an audit is performed or the machine runs out of currency. This stealthy approach allows criminal groups to target multiple locations in rapid succession before security teams can respond to the physical breach.
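Because a jackpotted machine dispenses cash with no card or account authorization behind it, one detection approach is to reconcile each dispense against the withdrawals the bank's host actually approved. The Python below is an added example, not code from the FBI notice or any ATM vendor. The record layout, field names, sample data and the 60-second matching window are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data; record layout and field names are assumptions.
HOST_AUTHORIZATIONS = [
    {"atm": "ATM-001", "time": "2025-03-01T10:00:05", "amount": 200},
    {"atm": "ATM-002", "time": "2025-03-01T02:10:00", "amount": 100},
]
DISPENSER_EVENTS = [
    {"atm": "ATM-001", "time": "2025-03-01T10:00:12", "amount": 200},
    {"atm": "ATM-002", "time": "2025-03-01T02:10:08", "amount": 100},
    {"atm": "ATM-002", "time": "2025-03-01T03:31:00", "amount": 800},
    {"atm": "ATM-002", "time": "2025-03-01T03:31:45", "amount": 800},
    {"atm": "ATM-002", "time": "2025-03-01T03:32:30", "amount": 800},
]
MATCH_WINDOW = timedelta(seconds=60)  # assumed max delay from approval to dispense

def ts(rec):
    return datetime.fromisoformat(rec["time"])

def unauthorized_dispenses(dispenses, authorizations, window=MATCH_WINDOW):
    """Return dispenser events that no host authorization accounts for."""
    unused = sorted(authorizations, key=ts)
    orphans = []
    for event in sorted(dispenses, key=ts):
        match = next((a for a in unused
                      if a["atm"] == event["atm"] and a["amount"] == event["amount"]
                      and timedelta(0) <= ts(event) - ts(a) <= window), None)
        if match is None:
            orphans.append(event)
        else:
            unused.remove(match)  # one authorization covers one dispense only
    return orphans

def alerts(dispenses, authorizations):
    """Summarise orphan dispenses per ATM: count, total amount, time span."""
    summary = {}
    for e in unauthorized_dispenses(dispenses, authorizations):
        s = summary.setdefault(e["atm"], {"count": 0, "total": 0, "first": ts(e), "last": ts(e)})
        s["count"] += 1
        s["total"] += e["amount"]
        s["last"] = max(s["last"], ts(e))
    return summary

if __name__ == "__main__":
    for atm, s in alerts(DISPENSER_EVENTS, HOST_AUTHORIZATIONS).items():
        print(f"{atm}: {s['count']} unmatched dispenses, {s['total']} total, span {s['last'] - s['first']}")
```

Run in near real time rather than at audit, a check like this surfaces a burst of unmatched dispenses while the cash-out is still in progress.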
To combat this trend, law enforcement agencies are urging financial institutions to enhance both physical and digital security measures. Recommended strategies include upgrading locks to unique keys, installing motion sensors and cameras, and implementing strict software allow listing to prevent unauthorized devices from connecting to the ATM's internal systems. By auditing hardware regularly and configuring machines to shut down automatically when tampering is detected, organizations can better protect their assets against these sophisticated physical heists.
Source: FBI Reports 1,900 ATM Jackpotting Cases Since 2020, $20M Lost In 2025


