The FBI has reported a sharp increase in ATM jackpotting attacks in the United States, with losses crossing $20 million in 2025. More than 700 cases were recorded during the year, part of nearly 1,900 incidents since 2020.
In these attacks, criminals break into ATMs and install malware that forces machines to dispense cash on command. The method targets the ATM’s software, not customer bank accounts. The Ploutus malware has been widely used to exploit the XFS platform that controls cash-dispensing functions.
The agency has advised banks and ATM operators to upgrade systems, improve physical security, and regularly inspect machines to detect tampering and prevent further financial losses.