Over Half a Million Dollars Stolen in ATM ‘Jackpotting’ Scheme, Officials Report
Over half a million stolen in ATM – Authorities in the District of Connecticut have charged four individuals in connection with a multimillion-dollar theft scheme targeting automated teller machines (ATMs). The operation, which spanned August 2025, resulted in more than $529,220 being siphoned from ATMs across the state, according to a federal criminal complaint. The suspects, all Venezuelan nationals, were apprehended on June 25 and face multiple charges, including conspiracy and interstate transportation of stolen property. Their method of exploiting ATMs—known as “jackpotting”—involved sophisticated technology to bypass security measures and extract cash from machines without triggering alarms or alerting bank staff.
The Scheme Unveiled
The federal prosecutors detailed the operation in a June 29 press release, explaining that the men used specialized hardware and malware to manipulate the ATMs. This allowed them to force the machines to dispense all their cash reserves in a single transaction. The scheme was meticulously planned, with each step executed to minimize detection. At least nine ATMs were compromised during the period from August 8 to August 18, 2025, though one machine had a recent software update that foiled the theft. The others, however, were emptied by the criminals, with the total stolen amount exceeding $529,220.
“The defendants’ actions demonstrate a coordinated effort to exploit vulnerabilities in automated banking systems,” stated the prosecutors in the release. “This method not only enables rapid extraction of funds but also disguises the theft as a routine transaction.”
Among the targets was an ATM located at a rest area near Interstate 95 in Fairfield, Connecticut. This machine, which was the most lucrative in the operation, reportedly dispensed $136,000. The complaint noted that the criminals followed a consistent pattern at each site, as captured in surveillance footage. This systematic approach included specific steps to ensure the thefts went unnoticed for extended periods.
Arrests and Legal Proceedings
The four suspects—Euclides Moreno Itanare, 28, from Raleigh, North Carolina; Willian Ricardo Flores, 49, from the Bronx, New York; Alberto Jose Freites Arvilla, 41, from Queens, New York; and Luis Jose Freites Arvilla, 38, from Lynn, Massachusetts—were arrested in June 2026. They are accused of orchestrating the thefts across multiple locations, with their roles seemingly divided among the group. The charges include conspiracy to commit theft and transporting stolen property across state lines, both of which carry significant penalties if proven in court.
According to the criminal complaint, the group’s plan involved a combination of physical access and digital manipulation. For instance, Alberto Freites Arvilla would initiate the process by disconnecting the ATM and using a bezel key to open its hood, allowing access to the internal components. While doing so, Luis Freites Arvilla remained in a nearby vehicle as a lookout. Once the machine was reconnected, Alberto inserted a card into its computer system, which likely activated the malware, prompting the ATM to dispense cash.
“The method used by the defendants is a clear example of how technology can be weaponized to bypass traditional security protocols,” the complaint explained. “Their ability to execute this plan repeatedly highlights the need for ongoing updates to ATM systems.”
The remaining members of the group, Euclides Itanare and Willian Flores, then posed as legitimate customers, inserting cards and entering PINs to withdraw cash. The complaint detailed that they repeated this process for hours at each location, often switching clothes to avoid suspicion during prolonged visits. This tactic made it easier for them to blend into the environment, reducing the likelihood of being identified by security cameras or nearby observers.
Execution of the Plan
Their modus operandi was methodical. Each ATM was targeted with precision, and the steps were repeated without variation. After the initial setup, the group would take turns appearing at the machine, inserting a card, and initiating a withdrawal. The process was designed to mimic normal ATM usage, making the theft appear routine. However, the malware ensured that the machines released all their cash at once, rather than allowing small withdrawals that might raise alarms.
Investigators noted that the criminals stored the stolen cash in waist packs or pockets, as seen in images apparently taken by the suspects themselves. These photos, shared in the complaint, show bundles of money stacked on the floor of a New York location, as well as cash placed in a plastic bag and on the car seat. The locations of the stolen goods suggest that the group was able to transport large sums without immediate detection, further complicating the investigation.
Impact and Investigation
The thefts had a noticeable impact on local banks and the communities affected. The targeted ATMs, many of which were in busy areas, were emptied of their contents, leaving customers unable to access funds for extended periods. The specific timeline of the attacks, from mid-August to late-August 2025, allowed the group to operate with relative impunity before the software patch was implemented. This patch, installed on one of the machines, served as a critical deterrent, preventing the criminals from siphoning cash from that particular ATM.
Despite this setback, the other eight ATMs were successfully exploited. The total amount of $529,220 indicates a well-organized effort to maximize their gains. The high value stolen from the Fairfield machine—$136,000—highlights the potential rewards of such a scheme. Investigators emphasized that the group’s ability to execute the plan repeatedly suggests a deep understanding of ATM systems and a strategic approach to avoiding detection.
Legal Consequences and Future Implications
If found guilty, the defendants could face up to 10 years in federal prison for the interstate transportation of stolen property charge, as well as up to five years for the conspiracy count. The severity of the penalties reflects the scale of the operation and its cross-state nature. The U.S. Attorney’s Office has not yet commented on the case, but USA TODAY has contacted the Office of the Federal Public Defender for the District of Connecticut to seek additional insights into the suspects’ legal defense and the evidence presented against them.
The case also underscores the growing threat of cyber-enabled thefts in the financial sector. With the rise of ATM jackpotting, banks are increasingly investing in security upgrades to protect against such vulnerabilities. The successful theft of over half a million dollars in a single month demonstrates the effectiveness of this method when executed with care. As technology continues to evolve, so too do the tactics used by criminals to exploit it, making it essential for law enforcement and financial institutions to stay ahead of these schemes.
Additional context from related news highlights the broader implications of such crimes. For example, a recent raid in California uncovered $2.2 million in stolen goods, indicating that similar tactics may be used in other states. Another incident involving a Walmart employee who allegedly hid a winning lottery ticket also illustrates how individuals can manipulate systems for personal gain. These cases collectively emphasize the importance of vigilance and technological safeguards in preventing large-scale thefts.
The details of the case, including the methodical steps taken by the suspects, have been meticulously documented by investigators. The process began with Alberto Freites Arvilla disconnecting the ATM and using a bezel key to access its interior. After inserting a card into the machine’s computer system, he reconnected the machine and activated the malware. The result was a rapid withdrawal of cash, which was then collected by the group. This sequence was repeated at multiple locations, showcasing the efficiency of their operation.
As the investigation continues, the focus remains on the technical aspects of the scheme and the roles each suspect played. The fact that they were able to target nine ATMs in such a short timeframe suggests coordination and planning beyond individual effort. Their actions not only highlight the potential for large financial losses but also the need for continued innovation in ATM security. With the increasing use of digital systems, the risk of such attacks is likely to grow, requiring a proactive approach from both law enforcement and the banking industry.
Further evidence from the criminal complaint details the specific steps taken at each ATM. The group’s ability to operate under the radar for hours at a time, while changing clothes to avoid suspicion, indicates a level of sophistication that goes beyond simple theft. Their use of both physical and digital methods demonstrates a dual approach to bypassing security measures. This case serves as a reminder of the evolving nature of financial crime, where technology and human ingenuity combine to create new challenges for law enforcement.
The stolen cash, which was reportedly stored in waist packs and pockets, was later transported to undisclosed locations. The photos taken by the suspects themselves provide a glimpse into the logistics of their operation, showing how they managed to carry and conceal large amounts of money. These images, combined with the surveillance footage, paint a clear picture of the group’s coordinated efforts. The successful execution of the plan across multiple sites also points to the importance of teamwork in such heists.
As the legal proceedings move forward, the case will likely be a focal point in discussions about ATM security and cybercrime. The federal charges against the suspects are expected to be part of a broader effort to address the increasing prevalence of jackpotting
