FBI warns ATM jackpotting attacks are spreading across the U.S.

Hackers are jackpotting ATMs, the FBI warns

Ever used an ATM and hoped it would just work? The FBI says a crime called “jackpotting” is growing, where hackers force a cash machine to spit out bills. The FBI alert supports the concern behind this slideshow and documents a sharp rise in malware-enabled ATM jackpotting incidents across the United States.

In a Feb. 19, 2026, FBI IC3 FLASH, the bureau said that, out of 1,900 ATM jackpotting incidents reported since 2020, more than 700 occurred in 2025 and caused losses exceeding $20 million.

In the FBI’s described jackpotting cases, the malware targets ATMs and cash dispensers rather than customer accounts, though customers should still avoid damaged machines and monitor account alerts. The fallout can mean outages and lines when machines are taken offline.

How ATM jackpotting works

Picture a slot machine, but it’s an ATM. That’s the basic idea behind ATM jackpotting, where criminals can trigger unauthorized cash-outs in minutes. The FBI says these hits can be hard to spot until the cash is already gone.

Instead of guessing your PIN, attackers focus on the machine’s controls. The alert describes criminals using physical access and software to make a dispenser release money without a transaction. Banks often learn about it only after the cash cassette is empty.

Hackers are jackpotting ATMs and the 2010 demo

In 2010, security researcher Barnaby Jack drew wide attention at Black Hat by demonstrating ATM attacks that made machines dispense cash, helping popularize the term “jackpotting.”

At the time, it looked like a flashy stunt with a warning label. Today, the FBI says similar tactics have moved into real-world crime. The FBI alert suggests the threat has moved beyond isolated demonstrations into a broader criminal pattern, with far more reported incidents in 2025 than in prior years.

Why these attacks aim at machines, not you

It’s easy to assume ATM crime means stolen cards or drained accounts. Jackpotting is different because the goal is to make the ATM hand out cash, even without touching a customer’s balance. The FBI notes these incidents can happen quickly, often before anyone notices.

That’s good news for your bank account, but not for the community. When operators shut down compromised machines, it can reduce access to cash for everyone. Operators may face added security and maintenance burdens after attacks, while customers may feel the impact through ATM outages or reduced machine availability.

Ploutus malware and the Windows layer inside

The FBI’s 2026 jackpotting alert lists indicators observed on affected ATMs running Windows OS, alongside signs of Ploutus-related activity. The FBI warns that a malware family called Ploutus can take control of an infected ATM and trigger cash to dispense. It’s one reason jackpotting has become easier to repeat.

Ploutus doesn’t need your login, because it talks to the ATM’s own systems. The FBI says it abuses the XFS software layer, which enables the ATM’s app to communicate with hardware such as the card reader, keypad, and cash dispenser. If attackers can issue commands there, the machine may obey.

Why XFS matters even if you’ve never heard of it

XFS stands for eXtensions for Financial Services, and it’s a “translator” between ATM software and the ATM’s physical components. Banks use it so that different hardware pieces can work together without reinventing everything. The FBI says attackers are exploiting this layer in some jackpotting cases.

When a normal withdrawal happens, the ATM software uses XFS to request bank approval, then tells the dispenser to release cash. If criminals hijack that instruction path, they may bypass the usual checks. That’s why patching and locking down software access is such a big deal.

How physical access can open the door

Some jackpotting cases start with old-school hands-on access. The FBI alert describes criminals trying to open ATM panels and reach internal ports or storage. Once they have enough access, they may introduce malicious code or change components.

This doesn’t mean every street ATM is unsafe, but it does explain the pattern. Machines in low-visibility spots can be easier targets than ATMs inside staffed bank lobbies. Operators respond by adding stronger locks, alarms, cameras, and tighter service routines because the first battle is often preventing that initial access.

Why attacks surged in 2025, per the FBI

The FBI says reports have climbed sharply, with over 700 jackpotting incidents in 2025 alone. That suggests criminals found repeatable playbooks, not just one-off tricks. A single successful crew can hit multiple machines fast if defenses are weak.

Security experts have long noted that older ATM hardware and software can be harder to secure if upgrades are delayed. While the FBI alert does not assign a single cause for the 2025 spike, outdated systems can increase risk exposure.

The FBI’s warning pushes operators to treat ATMs like computers that need constant, regular updates, not “set it and forget it” boxes.

What banks and ATM operators can do now

No single fix stops every jackpotting attempt, but strong basics help. The FBI and security reports emphasize locking down physical access, updating software, and monitoring for unusual behavior. Quick alerts matter because these cash-outs can happen in minutes.

Operators can also tighten who can service machines and when. Tools such as application allow-listing, hardware device whitelisting, and firmware integrity checks can reduce unauthorized software or device activity on ATMs.

Better camera coverage and well-lit placement help deter tampering. The goal is to make every step harder, slower, and riskier for criminals.

What you can do at the ATM, safely

You don’t need to become a security expert to lower risk. Use ATMs located inside bank branches or well-lit stores when possible. If a machine looks damaged, loose, or altered in any way, pick a different one and tell the store or bank.

Keep your hand over the keypad while you enter your PIN, and stay aware of your surroundings. Set up account alerts to be notified of withdrawals quickly. If you worry about cash access, keep an emergency stash at home so you’re not stuck when local ATMs go offline.

Why ‘cash only’ places feel this way

When ATMs get pulled offline after an incident, it hits people who rely on cash every day. That includes small businesses, tips-based workers, and anyone without easy access to banking apps. A single ATM can serve an entire neighborhood, so downtime matters.

It also affects travel. Tourists often use unfamiliar ATMs, and when key locations are shut down, lines form quickly. That’s why banks care about more than money losses; it’s also customer trust and convenience. Strong ATM security keeps everyday life moving, not just balance sheets safe.

Little-known fact: Two Nebraska indictments charged 54 people in an alleged ATM jackpotting conspiracy in December 2025, and the DOJ said the related total reached 93 defendants by Feb. 20, 2026.

How law enforcement is responding

The FBI’s alert is meant to get banks, ATM operators, and local police on the same page. Warnings can lead to faster reporting, better evidence collection, and patterns that connect cases across states. That matters because crews can travel and repeat the same method.

Federal and local agencies also pursue larger networks, not just the person standing at the machine. Recent court cases show that “jackpotting” can involve groups who specialize in different roles. The bigger the network, the greater the pressure to disrupt it before it spreads further.

Want to learn how card skimming differs from ATM jackpotting and what warning signs to look for? Read our guide to common ATM fraud tactics and how to spot them.

What this trend means for the future

ATMs aren’t going away soon, but they may change. Expect more machines in secure locations, more software hardening, and more overall monitoring. The FBI’s message is that this threat is real and growing, so the industry has to move faster today.

For regular people, the key is staying flexible. Use contactless payments when you can, keep backup options, and don’t ignore strange account alerts. Most of the time, your money is protected, but disruptions can still be a headache. Smart habits help you avoid the hassle while banks upgrade defenses.

Want a related explainer for readers? Link to a story that compares ATM jackpotting, card skimming, and other ATM fraud methods, keeping the connection clear and valuable.

What do you think about the FBI warning that ATM jackpotting attacks are spreading? Share your thoughts in the comments.

This slideshow was made with AI assistance and human editing.

Read More From This Brand:

• Holiday travel scams to watch for before you click ‘book’
• Maryland officials close multiple call centers involved in gold bar fraud
• FBI Stops New Year’s Eve Bomb Plot Targeting Los Angeles Warehouses