Banks seem to have forgotten about those big metal boxes full of cash that are positioned all over the place, known as ATMs, despite spending years hardening their apps, encrypting databases, putting fraud detection systems in place, and taking other precautions to guard against cyberattacks This article explores atm attacks 2020. . According to the FBI, which has documented about 1,900 ATM attacks since 2020, 700 of these machines were broken by criminals nationwide in 2025, representing an unexpected increase in ATM attacks. Last year, banks suffered losses of up to $20 million as a result of these so-called "jackpotting" attacks, which served as a stark reminder of the dangers that financial institutions still face from poorly secured ATMs.

Over 90 Indicted The US Department of Justice has been charging six Venezuelan nationals, aged 21 to 43, with conspiring to install malware on ATMs and steal millions of dollars from US banks since December, which coincided with the FBI advisory. Since December 2025, 93 people have been charged by US authorities with ATM jackpotting, including members of the infamous Tren de Aragua (TdA) group, which the US has designated as a Foreign Terrorist Organization. ## A Target at Risk According to Louis Eichenbaum, federal chief technology officer (CTO) at ColorTokens, "ATM jackpotting attacks are increasing because many ATM environments remain vulnerable to basic exploitation techniques."

Since these attacks frequently take advantage of out-of-date software, lax remote access controls, and inadequate physical security, they usually don't require sophisticated capabilities. Related: A CISO's Guide to Protecting Data Assets from AI Scraping According to Eichenbaum, "a lot of ATMs still run on outdated operating systems that are hard to patch and don't have contemporary endpoint security." "An attacker can install widely accessible malware and take direct control of the cash dispenser if they manage to obtain physical access or compromise remote management services."

The readily available security paraphernalia and generic ATM keys for opening up ATM panels are contributing factors to these attacks, according to Mayuresh Dani, security research manager at Qualys.

According to Dani, open source proof-of-concept initiatives that have reverse-engineered XFS and documented its internal operations are an addition to that.