Venezuelan foreign terrorists from the notorious Tren de Aragua (TdA) gang siphoned over $40 million from American ATMs in a massive “jackpotting” scheme, using the funds to finance violence on U.S. soil. Federal authorities recently charged 87 individuals tied to the designated Foreign Terrorist Organization for exploiting outdated Windows XP ATMs with Ploutus malware. The sophisticated operation, which ran from February 2024 to December 2025, hit 1,529 machines and is seen as a stark illustration of the dangers posed by unchecked illegal immigration and legacy system vulnerabilities. This multi-agency federal crackdown is disrupting TdA’s violent expansion and terrorist financing within America.
Story Highlights
- Federal authorities charged 87 individuals tied to Tren de Aragua (TdA), a designated
- Foreign Terrorist Organization, in a massive ATM jackpotting scheme.
- The gang exploited outdated Windows XP ATMs with Ploutus malware, causing 1,529 incidents and losses exceeding $40 million from February 2024 to December 2025.
- Stolen funds allegedly financed terrorism, human trafficking, and murders, highlighting dangers of unchecked illegal immigration.
- Multi-agency takedown involved DOJ, Secret Service, FBI, and others; two leaders sentenced and deported in January 2026.
- Investigation continues under President Trump’s law-and-order focus, exposing legacy system vulnerabilities ignored under prior administrations.
Scale of the Terror-Fueled ATM Heist
U.S. Department of Justice prosecutors charged 87 defendants connected to Tren de Aragua for a nationwide ATM jackpotting operation. Coordinated teams burgled ATMs across Southeast and Midwest states including South Carolina, Georgia, North Carolina, Virginia, and Nebraska. Criminals installed Ploutus malware to force machines to dispense cash while erasing evidence. This sophisticated scheme ran from February 2024 through December 2025, hitting 1,529 machines. Losses surpassed $40 million, with single incidents stealing up to $300,000 from banks and credit unions.
Investigation into International “ATM Jackpotting” Scheme and Tren de Aragua results in Additional Indictment and 87 Total Charged Defendants
“Tren de Aragua is a complex terrorist organization that commits serious financial crimes in addition to horrific rapes, murders, and… pic.twitter.com/g15mbJ4pFw
— U.S. Department of Justice (@TheJusticeDept) January 26, 2026
Tren de Aragua: Terrorists Exploiting Border Crisis
Tren de Aragua, a Venezuelan gang labeled a Foreign Terrorist Organization, orchestrated the attacks to fund rapes, murders, drug trafficking, and human smuggling. Field operatives conducted surveillance, broke into ATMs, deployed malware via external keyboards or SMS, and laundered proceeds through networks. Early signs appeared in a 2019 Nevada case where TdA member Jesús Ernesto Reyes Garcia stole $125,000. Hierarchical structure directed recruits nationwide, evading detection on vulnerable legacy systems like unsupported Windows XP. Stolen cash directly supported TdA’s violent expansion into America.
Federal Crackdown Delivers Justice
January 2026 brought indictments for 31 more defendants in Nebraska, totaling 87 charged with 32 counts of bank fraud, burglary, computer fraud, and terrorism support. October 2025 saw 32 charged; December added 22. U.S. Secret Service, FBI, South Carolina Law Enforcement Division, DOJ, and Homeland Security Task Force coordinated the probe. Two key defendants received sentencing and deportation. Officials stress the probe continues, with more arrests likely. This multi-agency effort disrupts terrorist financing after years of lax border enforcement.
Prosecutors noted defendants used methodical burglary to install malware, stealing to bankroll TdA’s crimes. No customer accounts were directly hit, but institutions faced massive remediation costs and service disruptions.
Legacy Vulnerabilities and Path Forward
Outdated ATMs running Windows XP, unsupported since 2014, enabled physical-cyber attacks. Banks neglected upgrades, creating openings for foreign criminals. Short-term impacts include $40 million losses, operational halts, and heightened scrutiny. Long-term, expect faster modernization, stricter ATM regulations, and elevated counterterrorism priority. TdA’s U.S. operations underscore illegal immigration risks, fueling demands for secure borders and deportation. Trump’s administration prioritizes such threats, protecting financial integrity and communities from terrorist funding.
Financial sector-wide effects demand encryption, multi-factor authentication, and physical safeguards. This victory shows effective law enforcement triumphs over organized crime invading American soil.
Watch the report: 31 charged in ATM malware case: Tren de Aragua involvement
Sources:
- ATM Jackpotting Attack: Tren de Aragua Gang Exploits Ploutus Malware on Legacy Windows XP ATMs in US
- DOJ charges 31, including alleged Tren de Aragua members, in nationwide ATM jackpotting scheme
- 87 charged in nationwide ATM ‘jackpotting’ scheme tied to Tren de Aragua gang
- Feds charge 87 individuals in massive ATM ‘jackpotting’ operation linked to Tren de Aragua gang
