newsletter

Four Men Charged in $529,000 ATM “Jackpotting” Scheme in Connecticut

Federal prosecutors in Connecticut say four men have been arrested and charged in connection with an alleged ATM “jackpotting” scheme that stole more than $529,000 from cash machines at rest stops and other locations.

The suspects are accused of targeting at least nine ATMs during a 10-day period in August 2025, mostly along Interstate 95 in Connecticut. Prosecutors said the group used specialized hardware and malware to manipulate the machines and force them to dispense large amounts of cash.

The U.S. attorney’s office identified the defendants as Euclides Moreno Itanare, 28; Willian Ricardo Flores, 49; Alberto Jose Freites Arvilla, 41; and Luis Jose Freites Arvilla, 38. Prosecutors said two lived in New York, one in North Carolina and one in Massachusetts. All four remain in custody while awaiting court proceedings.

According to federal authorities, the alleged scheme involved a method known as “jackpotting,” in which criminals physically access or tamper with an ATM and use malware or other tools to make the machine release cash. The term is used because the ATM can appear to pay out money like a slot machine.

Prosecutors said the group allegedly stole $529,220 from eight ATMs between August 8 and August 18. In one incident at a northbound rest stop on I-95 in Fairfield, the suspects allegedly took $136,000 from a single machine. Authorities said a software patch prevented the group from successfully taking money from another ATM in Ansonia on the first day of the alleged spree.

The U.S. attorney’s office said surveillance footage showed a similar pattern in several of the incidents. One suspect allegedly acted as a lookout while another opened the ATM and accessed its internal components. Over the next several hours, prosecutors said, members of the group took turns withdrawing cash from the compromised machine.

Authorities also alleged that the suspects changed clothing at times to avoid drawing attention when returning to the same ATM multiple times.

The four men were arrested following a joint investigation involving the FBI, Connecticut State Police and police departments in Raleigh, North Carolina, and New York. They face federal charges including interstate transportation of stolen property and conspiracy. If convicted, the interstate transportation charge carries a maximum sentence of 10 years in prison, while the conspiracy charge carries a maximum of five years.

The allegations have not yet been proven in court, and the defendants are presumed innocent unless convicted.

The case highlights how cybercrime and traditional theft can overlap. Unlike a simple cash-machine robbery, jackpotting schemes often require both physical access and technical knowledge. Criminals may need to open the machine, connect equipment, bypass security systems or install malware that communicates with the ATM’s dispenser.

For banks, retailers and travelers, the alleged thefts show why ATM security remains an ongoing challenge. Machines located at rest stops, gas stations or other public areas can be convenient for customers but may also be attractive targets if they are isolated or accessible for long periods.

The case also shows the importance of software updates and security patches. Prosecutors said one attempted theft was stopped because a patch had been installed to prevent that kind of attack. That detail suggests that regular maintenance and updated protections can make a real difference in preventing financial crime.

For ordinary customers, the biggest risk in jackpotting cases is usually not direct loss from personal accounts, because the attack targets the ATM’s cash supply rather than stealing card information. Still, these schemes can affect banks, ATM operators, businesses and the public by increasing security costs and reducing trust in cash machines.

Federal investigators are likely to review whether the alleged group was connected to a wider network or similar ATM attacks in other states. ATM jackpotting has been a known threat for years, with law enforcement agencies and ATM manufacturers warning that criminals have used malware and specialized tools to force machines to dispense cash.

Some details remain unclear, including how the suspects allegedly obtained the hardware and malware, whether additional people were involved and whether any of the stolen money has been recovered.

Why It Matters

The case shows how cyber-enabled theft can target everyday financial infrastructure such as ATMs. It also raises concerns for banks, ATM operators, rest-stop businesses and law enforcement agencies trying to prevent organized theft involving malware and physical tampering.

What Comes Next

The defendants will face federal court proceedings in Connecticut. Investigators may continue examining whether the alleged jackpotting scheme is linked to other ATM thefts, while ATM operators may review security updates and physical safeguards at vulnerable locations.

Continue Scrolling for the Comments