FBI warns ATM 'Jackpotting' attacks surge, minting hackers millions in cash

The FBI has issued a warning about a rise in ATM jackpotting attacks, which have evolved from theoretical security research into a lucrative criminal enterprise.

In 2025 alone, over 700 attacks on cash dispensers were reported in the US, with hackers bagging at least $20 million in stolen cash.

How ATM jackpotting works

According to the FBI's security bulletin, hackers are jackpotting ATMs through a combination of physical access and digital tools to carry out these attacks.

The criminals often use generic keys to unlock ATM front panels and access hard drives, alongside malware that forces machines to rapidly dispense cash.

Ploutus, a notorious malware, targets a variety of ATM manufacturers by exploiting the Windows operating system that many ATMs run on. It enables hackers to take full control of compromised ATMs, allowing them to instruct the machines to dispense cash without deducting funds from customer accounts, TechCrunch reported.

Ploutus ATM jackpotting malware

The particular target area of Ploutus is that it manipulates extensions for financial services (XFS) software, which ATMs rely on to interact with other essential hardware components like the PIN keypad and cash dispensing unit.

“Ploutus attacks the ATM itself rather than customer accounts, enabling fast cash-out operations that can occur in minutes,” the FBI noted. This makes such attacks particularly challenging to detect until after the cash has been withdrawn.

As ATM jackpotting is rising persistently, security researchers are urging financial institutions to strengthen their security to effectively combat this growing threat.