In 2010, the famous security researcher Barnafrom Jack spectacularly hacked into an ATM cash machine on stage at the Black Hat security conference, causing it to spit out wads of cash in front of an astonished audience.
More than a decade later, the ATM jackpot – as it is called – has been liberated from the realm of theoretical security research into big business and the criminal world.
According to a new security bulletin issued by the FBI, hackers have rapidly increased their attacks in recent years, with more than 700 attacks on cash dispensers in 2025 alone, netting hackers at least $20 million in stolen cash.
According to the bulletinthe FBI says hackers use a combination of physical access to ATM machines, such as generic keys to unlock front panels and access hard drives, and digital tools, such as installing malware that can cause ATMs to quickly dispense cash instantly.
The FBI has warned that a particular piece of malware, known as Wealthit affects various ATM manufacturers and cash dispensers by targeting the underlying Windows operating system that powers many ATMs. Ploutus gives hackers full control of a compromised ATM, allowing them to issue instructions capable of tricking the teller into disbursing notes without withdrawing money from customer accounts.
Ploutus leverages extensions for financial services or XFS software, which ATMs rely on to communicate with various other hardware components, such as the PIN pad, card reader, and the all-important cash dispenser.
“Ploutus attacks the ATM itself rather than customer accounts, enabling quick cash-out operations that can take place in minutes and are often difficult to detect until the money is withdrawn,” according to the FBI release.
Security researchers previously found problems with the XFS software that may allow hackers to trick ATMs into dispensing cash.
Updated the lede paragraph to modify the date.
