Authorities Warn of Rise in 'Jackpotting' ATM Scheme
Close-up of the keypad on an ATM. Photo courtesy of redspotted under CC BY 2.0.
Imagine walking up to an ATM and watching it spit out cash - without you inserting a card or entering a PIN. Sounds like a scene from a heist movie, right? But this is no Hollywood fiction. Across the United States, a sophisticated crime wave known as "jackpotting" is forcing ATMs to dispense thousands of dollars in cash, leaving banks and businesses scrambling to catch up.
What Is Jackpotting?
Jackpotting is a cyber-physical crime that combines hacking with physical tampering. Criminals gain access to an ATM by installing malware or a physical device — often called a "black box" — inside the machine. This allows them to override the ATM's security systems and command it to release cash on demand, without any card being used or account debited. The machine essentially becomes a rogue cash dispenser, emptying its vault at the criminals' whim.
The process often involves multiple players working in concert. One group physically tampers with the ATM to install the malware or device. Then, others remotely manipulate the machine's software to trigger cash withdrawals. Finally, a third group collects the cash as it pours out. This level of coordination makes jackpotting a highly organized and efficient criminal operation.
The Rising Tide of ATM Attacks
Jackpotting first appeared globally around 2010, but the US has seen a sharp increase in these attacks in 2024 and 2025. For example, in Fairfax, Virginia, a group of suspects allegedly walked away with $175,000 from a single ATM over several hours. Surveillance footage showed suspects repeatedly accessing the machine, sometimes filming their exploits on their phones, and withdrawing cash without any card inserted.
Texas has also become a hotspot. In Harris County alone, more than 70 ATMs were reportedly targeted in a matter of days, with losses exceeding $236,000. The Houston Police Department linked this spree to an organized group with alleged ties to Russia. The suspects used rented cars and focused intently on their cell phones while at the machines. They would find ATM receipts — either from trash or by pulling a balance — and send photos to an overseas "big boss" who remotely initiated the hack, as reported by Click 2 Houston News. This allowed the ATM to dispense cash repeatedly, with no record of withdrawals or debits to any bank account.
Other states like Georgia and Nebraska have reported similar incidents, showing that jackpotting is not confined to one region but is a growing national threat.
Who's Behind the Heists?
These crimes are not the work of lone wolves but rather well-organized criminal networks. In Texas, authorities have reportedly charged seven individuals connected to the jackpotting scheme, including a Ukrainian war refugee, suspected of being the US leader of the group. This individual allegedly receives 70% of the stolen money, much of which is converted into cryptocurrency, making it harder for law enforcement to trace. The rest of the cash then goes to the operatives physically manipulating the ATMs.
The international scope is striking. The "big boss" directing operations is believed to be in Russia, while the US-based operatives allegedly carry out the physical and remote hacking. Flight records suggest connections to other jackpotting cases in New York, Boston, and Ohio, indicating the potential for a sprawling network that spans multiple states and countries.
Why Are ATMs Vulnerable?
The vulnerability lies in the ATM hardware and software, which were not originally designed to withstand such sophisticated cyberattacks. Many machines are located in small businesses like gas stations and hotels, which may lack the resources to implement robust security measures. The criminals exploit these weak points, using malware and physical devices to bypass security protocols.
Financial institutions are caught in a bind. While the stolen cash is not deducted from any bank accounts, the ATM owners — often small businesses — bear the financial losses. Banks and credit unions have had to shut down ATMs temporarily to upgrade security and prevent further attacks. For example, Firstmark Credit Union in San Antonio reportedly closed all its ATMs during a weekend upgrade after being targeted.
The Challenge for Law Enforcement and Banks
Jackpotting presents a unique challenge. The crime blends physical theft with cybercrime, requiring coordination between local police, federal agencies, and cybersecurity experts. The use of cryptocurrency and international networks complicates tracking and prosecuting offenders.
Authorities urge ATM owners to install surveillance cameras and report suspicious activity, such as individuals lingering near machines or multiple rapid transactions. However, as the criminals refine their methods, law enforcement warns that jackpotting is unlikely to be an isolated incident and will continue to evolve.
What You Can Do
If you own or operate an ATM, vigilance is key. Ensure your machines are under constant surveillance, and consider physical security upgrades. Report any unusual activity immediately. For consumers, while jackpotting does not directly affect your bank account, staying informed about emerging scams helps you understand the broader risks in today's financial landscape.
Jackpotting is a stark reminder that even the most familiar machines can become tools for high-tech crime. As you approach an ATM, remember: the cash spilling out might not be a jackpot for you — but it's certainly a jackpot for someone else.
References: ATM 'jackpotting' crime wave grows after thieves walk away with hundreds of thousands in cash | Texas ATMs hacked in sophisticated 'jackpotting' theft scheme with ties to Russia | Jackpotting schemes cost local banks thousands of dollars. How does the cyberattack work?
