FBI says ATM ‘jackpotting’ attacks are on the rise, and netting hackers millionsin stolen cash

The FBI reports a rise in ATM 'jackpotting' attacks, with over 700 incidents in 2025 resulting in $20 million in losses. Hackers use physical access and malware like Ploutus to manipulate ATMs, allowing them to dispense cash rapidly without accessing customer accounts. This marks a shift from theoretical to practical exploitation of ATM vulnerabilities originally showcased in 2010 by security researcher Barnaby Jack.

Key Points

• The FBI reports over 700 ATM jackpotting attacks in 2025, resulting in at least $20 million stolen.
• Hackers employ physical access methods, such as generic keys, alongside digital tools, primarily malware.
• Ploutus malware specifically targets ATMs by exploiting the underlying Windows operating system and XFS software.
• Attacks enable hackers to issue cash withdrawal commands without debiting customer accounts, making detection difficult.

Relevance

• The rise of ATM jackpotting reflects increased vulnerabilities in financial technology stemming from insufficient security measures.
• In 2010, Barnaby Jack showcased ATM hacking at Black Hat, highlighting potential threats that have now materialized in criminal activity.
• Current IT trends emphasize the need for advanced cybersecurity measures and the growing focus on securing finance-related technologies.

The surge in ATM jackpotting shows how quickly theoretical security concerns can translate into real-world criminal activity, highlighting the urgent need for enhanced security protocols in financial technology.