In 2010, the famed security researcher Barnaby Jack spectacularly hacked into an ATM cash machine on stage at the Black Hat security conference, forcing it to spit out reams of bank notes in front of an awestruck audience.
More than a decade later, ATM jackpotting — as it’s called — has broken free from the realms of theoretical security research into big business in the criminal world.
According to a new security bulletin issued by the FBI, hackers have rapidly ramped up their attacks in recent years, with more than 700 attacks on cash dispensers during 2025 alone, netting hackers at least $20 million in stolen cash.
Per the bulletinthe FBI says hackers are using a mix of physical access to ATM machines, such as generic keys for unlocking front panels and accessing hard drives, and digital tools, like planting malware that can force ATMs to rapidly dispense cash in a flash.
The FBI warned that one particular malware, known as Ploutusaffects a variety of ATM manufacturers and cash dispensers by targeting the underlying Windows operating system that powers many ATMs. Ploutus grants the hackers full control over a compromised ATM, allowing them to issue instructions capable of tricking the dispenser into disbursing notes without drawing funds from customer accounts.
Ploutus takes advantage of extensions for financial services, or XFS software, which ATMs rely on to communicate with its various other hardware components, such as the PIN keypad, the card reader, and the all-important cash dispensing unit.
“Ploutus attacks the ATM itself rather than customer accounts, enabling fast cash-out operations that can occur in minutes and are often difficult to detect until after the money is withdrawn,” per the FBI bulletin.
Security researchers previously found issues with XFS software that can allow hackers to trick ATMs into dispensing cash.
Updated the lede paragraph to amend date.
