In 2010, renowned security researcher Barnaby Jack made headlines when he hacked into an ATM cash machine on stage at the Black Hat security conference, causing it to dispense numerous banknotes before an astonished audience.
Over a decade later, ATM jackpotting has transitioned from theoretical security research to a major criminal enterprise.
According to a new security bulletin from the FBI, hackers have significantly increased their attacks, with over 700 ATM heists in 2025 yielding at least $20 million in stolen cash.
The bulletin reports that hackers use a combination of physical access methods, like generic keys for opening ATM panels and accessing hard drives, and digital tactics, such as deploying malware to force ATMs to release cash quickly.
The FBI highlighted that one particular malware, named Ploutus, targets multiple ATM manufacturers and affects the Windows operating system that powers many ATMs. Ploutus gives hackers full control over compromised ATMs, enabling them to issue commands that trick dispensers into dispensing cash without accessing customer funds.
Ploutus exploits extensions for financial services, or XFS software, that ATMs use to interface with components like the PIN keypad, card reader, and cash dispensing unit.
“Ploutus attacks the ATM itself rather than customer accounts, enabling fast cash-out operations that can occur in minutes and are often difficult to detect until after the money is withdrawn,” according to the FBI bulletin.
Security researchers have previously discovered vulnerabilities in XFS software that allow hackers to manipulate ATMs into dispensing cash.
Barnaby Jack, the late security researcher credited with pioneering ATM “jackpotting” attacks. Credit: YouTube.
*Updated the lede paragraph to amend date.*