Once upon a time, robbing a bank meant masks, getaway cars, and bags of cash. Today, cybercriminals have found a far quieter and more efficient method: ATM jackpotting. This technique, which combines physical access with digital hacking, allows attackers to make ATMs “spit out” cash on demand—sometimes draining machines in just minutes.

ATM jackpotting first grabbed headlines in Europe and Asia in the mid-2010s, but it has since gone global. Attackers either install malicious hardware (like skimmers or USB devices) or upload malware directly onto the ATM’s operating system, often via vulnerable service ports. Once inside, they can override the machine’s controls and trigger cash dispensers—turning the ATM into their personal slot machine. In some cases, criminals even control the process remotely, instructing “money mules” to stand by machines and collect the payouts.

The threat is made worse by the fact that many ATMs still run outdated software such as Windows 7—or even Windows XP—which no longer receive security updates. Criminals exploit these legacy systems, knowing banks are slow to upgrade thousands of machines spread across cities and countries. In 2024, for example, researchers noted a rise in jackpotting campaigns across Latin America, where attackers used malware strains like “Ploutus” and “Cutlet Maker” to drain millions.

The financial impact goes beyond the stolen cash. Successful jackpotting attacks damage consumer trust, force banks to replace or patch ATMs at scale, and often reveal broader weaknesses in financial infrastructure security. Since ATMs are public-facing and widely distributed, they remain one of the hardest endpoints to secure.

Defenses are improving. Banks are hardening ATMs with encryption, BIOS-level security, and real-time monitoring, while law enforcement agencies are collaborating internationally to track organized jackpotting groups. But as long as legacy systems remain in service, attackers will continue to look for opportunities.

The lesson here is simple: while digital banking grows more advanced, old-school cash is still in demand—and criminals are willing to mix traditional crime with cutting-edge hacking to get it. ATM jackpotting is proof that in cybersecurity, the past and the future often collide.