Four men allegedly walked up to ATMs along Interstate 95 in Connecticut, cracked the hoods open like they were checking the oil, loaded in some malware, and then calmly withdrew $529,220 over the course of ten days. Not one ATM. Nine. The US attorney's office in Connecticut announced federal charges Monday, and the details are the kind of thing that makes you want to call your bank and ask some very uncomfortable questions.
The Scheme, Explained in All Its Audacious Glory
The technique is called "jackpotting," and it is exactly what it sounds like. According to the Guardian's reporting on the federal charges, the group used specialized hardware and malware to corrupt the machines and force them to dispense cash at will. Not a little cash. In a single raid at a northbound I-95 rest stop in Fairfield, they collected $136,000. From one ATM. At a highway rest stop.
The US attorney's office says the spree ran from August 8 to August 18, 2025, targeting at least nine cash machines. Their total haul came to $529,220. To put that in perspective, that is enough money to buy a house in most of America, a starter condo in Connecticut, or approximately 132,305 rest stop hot dogs from the very same turnpike where they pulled this off.
A Division of Labor That Would Make a Business School Professor Weep
The US attorney's press release, as reported by the Guardian, lays out a surprisingly professional operation. While one man, Luis Freites Arvilla, served as lookout, his brother Alberto opened the ATM hood, accessed the internal components, and then quietly left the area. Then, over the course of several hours, three of the four men would rotate back through to withdraw cash. Shifts. They worked shifts.
They also changed clothes between approaches to the same machine to avoid suspicion. Which, sure, yes, that's the kind of operational thinking that makes federal prosecutors put their coffee down and lean forward. Surveillance cameras caught all of it anyway, because that's how surveillance cameras work, but points for effort.
Prosecutors also released photographs that the men allegedly took themselves, showing them tinkering with the machines and posing with large stacks of cash. In the long and storied history of criminals defeating themselves, self-documentation remains the gold standard.
The One That Got Away (From Them)
Not every machine cooperated. According to the Guardian, on the very first day of the spree, a software patch installed on an ATM in Ansonia thwarted the group completely. They showed up with their toolkit and the machine essentially said no. The fact that this patch existed, and that it worked, and that the companies running the other eight machines apparently did not have the same patch installed, is a detail that deserves to sit with you for a moment.
The Guardian itself reported back in 2018 that two of the world's largest ATM manufacturers and the US Secret Service were already warning that jackpotting attacks were a real and growing threat. That was eight years ago. Some machines got the memo. Others, apparently, did not.
Who Got Caught and How
The four men charged are Euclides Moreno Itanare, 28; Willian Ricardo Flores, 49; Alberto Jose Freites Arvilla, 41; and Luis Jose Freites Arvilla, 38. All four are Venezuelan citizens. Two live in New York, one in North Carolina, and one in Massachusetts, according to the US attorney's office.
They were arrested Thursday following a joint investigation by the FBI, Connecticut state police, and the police departments of Raleigh, North Carolina and New York. They are now in federal custody facing charges of interstate transportation of stolen property, which carries up to ten years in prison, and conspiracy, which adds another potential five years. If convicted on both counts, they are looking at a very long stretch during which ATMs will remain entirely inaccessible to them.
What This Says About ATM Security in 2026
Here is the thing that should bother everyone a little. This was not a sophisticated bank hack. Nobody wrote zero-day exploits in a dark room while energy drinks stacked up around them. These men drove to highway rest stops, physically opened ATM cabinets, plugged things in, and came back repeatedly to grab cash. And it worked eight out of nine times.
The warning about jackpotting attacks has been circulating since at least 2018, per the Guardian's own earlier reporting. That means the financial infrastructure protecting cash machines in American rest stops has had the better part of a decade to button this up. The Ansonia machine was patched. The other eight were not. Someone, somewhere in the chain of ATM ownership and maintenance, has a very awkward quarterly review coming.
The Dingo Take
Look, it is genuinely hard to write about a $529,000 ATM heist without some measure of dark admiration for the sheer brazeness of it. These guys treated highway rest stops like a part-time job with excellent hourly rates. They had a lookout. They had rotating shifts. They had a wardrobe strategy. The only thing they did not have was any apparent awareness that every ATM in America is staring at a camera at all times, or that taking victory photos with stolen cash is not a great legal defense.
But the real story here is not the criminals. The real story is that in 2026, eight out of nine targeted ATMs were vulnerable to a technique that federal agencies and manufacturers were publicly warning about in 2018. One machine had a patch. One. Whatever company or bank owns those other eight machines should be paying the $529,220 in restitution themselves and then having a very serious conversation with whoever was responsible for their security updates.
Four men are sitting in federal custody right now because they drove up and down I-95 robbing ATMs like it was a reasonable career. They will likely go to prison. The systemic failure that made this possible for ten consecutive days across nine machines will get a press release, maybe a software update, and then absolutely nothing else will happen.
