FBI says ATM ‘jackpotting’ attacks are on the rise, netting hackers millions in stolen cash

Back in 2010, well-known security researcher Barnaby Jack famously hacked an ATM onstage at the Black Hat security conference, making the machine dispense stacks of cash in front of a stunned crowd.

More than a decade later, ATM “jackpotting” — as the technique is known — has moved beyond the world of theoretical security demonstrations and into a profitable criminal enterprise.

According to a new FBI security bulletin, hackers have significantly increased these attacks in recent years. The bureau said there were more than 700 attacks on cash dispensers in 2025 alone, resulting in the theft of at least $20 million in cash.

The FBI bulletin said attackers are combining physical access methods with digital techniques. On the physical side, hackers may use generic keys to unlock ATM front panels and gain access to internal components such as hard drives. On the digital side, they may install malware that forces ATMs to dispense cash rapidly on command.

The FBI specifically warned about a malware strain known as Ploutus, which it said can affect a range of ATM manufacturers and cash dispensers by targeting the Windows operating system that powers many machines. The bureau said Ploutus can give attackers full control over a compromised ATM, enabling them to send commands that cause the machine to dispense cash without withdrawing funds from customer accounts.

Ploutus exploits the Extensions for Financial Services (XFS) software used by ATMs to communicate with hardware components, including the PIN keypad, the card reader, and the cash dispensing unit.

“Ploutus attacks the ATM itself rather than customer accounts, enabling fast cash-out operations that can occur in minutes and are often difficult to detect until after the money is withdrawn,” the FBI bulletin said.

Security researchers have previously identified weaknesses in XFS software that can allow hackers to manipulate ATMs into dispensing cash.