Two Venezuelan nationals have been sentenced to 78 months in prison for their role in an ATM jackpotting scheme that used malware to force cash machines across the United States to dispense money illegally. The operation, which authorities say was part of a broader transnational criminal network, involved the deployment of Ploutus malware on ATMs and resulted in losses exceeding $1.5 million.
Carlos Javier Padron, 36, was sentenced after pleading guilty to conspiracy to commit bank burglary and computer fraud. His co-defendant, Oddry Arnoldo Cabrera Torrealba, 37, received the same sentence on June 11 after pleading guilty to identical charges.
Ploutus Malware Used to Trigger Unauthorized Cash Withdrawals
According to court documents, Padron and Torrealba were members of a criminal network responsible for carrying out ATM jackpotting attacks across the United States. Their role involved physically installing a variant of Ploutus malware on targeted ATMs.
Once activated, the malware enabled attackers to send commands directly to the ATM’s cash dispensing module, allowing unauthorized withdrawals of currency. Investigators said the malware was also designed to erase traces of its presence, making it more difficult for financial institutions to detect the compromise.
The two men were arrested by the Lincoln Police Department during an ATM jackpotting incident in October 2024.
More Than $1.5 Million Ordered in Restitution
Along with their prison sentences, Padron and Torrealba were jointly ordered to pay $1,537,696 in restitution to the affected financial institutions.
Officials said the investigation uncovered a much larger criminal operation following their arrests. Authorities have since indicted 96 additional individuals connected to the conspiracy on charges including bank burglary conspiracy, money laundering, computer fraud, unauthorized access to protected computers, bank fraud, and providing material support to a designated foreign terrorist organization.
Authorities Link Scheme to Tren de Aragua
U.S. officials stated that the investigation established direct and indirect links between several indicted co-conspirators and Tren de Aragua, a transnational criminal organization that originated in Venezuela.
According to investigators, the group has expanded its operations throughout the Western Hemisphere and has been involved in crimes including drug trafficking, firearms trafficking, kidnapping, robbery, extortion, commercial sex trafficking, and financial fraud.
Authorities allege that ATM jackpotting became one of the organization’s revenue-generating activities, targeting financial institutions across the United States through coordinated cyber-enabled attacks.
Justice Department Says Financial Crimes Fund Organized Crime
Assistant Attorney General A. Tysen Duva said the defendants helped deploy malware as part of a criminal network that stole millions of dollars from ATMs across the country. He added that disrupting such operations is critical to protecting financial institutions from technology-enabled fraud.
U.S. Attorney Lesley Woods for the District of Nebraska described ATM jackpotting as a significant revenue source used to finance the criminal activities attributed to the organization and said federal prosecutors would continue targeting its financial networks.
The FBI’s Omaha Field Office said it continues to adapt its investigative efforts as criminal organizations increasingly rely on cyber-enabled financial crimes. Homeland Security Investigations also stated that the prosecution was intended to protect both consumers and the U.S. financial system from organized criminal activity.
Multi-Agency Investigation Continues
The investigation was led by the FBI Omaha Field Office and Homeland Security Investigations, with assistance from numerous federal, state, and local law enforcement agencies across the United States.
The case is being prosecuted by the Justice Department’s Computer Crime and Intellectual Property Section, the U.S. Attorney’s Office for the District of Nebraska, and Joint Task Force Vulcan.
Officials said the case forms part of a broader federal effort targeting transnational criminal organizations involved in cybercrime, financial fraud, and other organized criminal activities. The investigation into the wider network remains ongoing.
