Hackers Snag $2 Million From ATMs Without Using Credit Card


Earlier this week, Taiwanese hackers tricked ATMs into unloading piles of cash, more than $2 million in fact, without using a credit card. Instead of using a stolen credit card like most ATM thieves, these masked robbers used a computer program and walked away with piles of cash in a backpack.


The hackers attacked 30 ATMs belonging to the Taiwanese First Commercial Bank. Authorities still aren’t sure exactly how they pulled it off. They know some malicious code was deployed onto the ATMs, but they aren’t yet sure how the code was able to bypass the ATMs’ stringent security setup.

The two hackers were reportedly able to complete their heist in less than 10 minutes. The malicious code on the ATMs first made the machines dump cash, and then cleaned up evidence that the code ever existed. According to Taiwanese police, it appears that the money-making code was deployed by some kind of device, potentially a smartphone. The German manufacturers of the ATMs said they had dispatched investigators to Taiwan to find out exactly what happened.

“It is still not clear how the suspects stole such a large amount of money from the ATMs,” a Taiwanese official told Agence France-Presse. “My understanding is this is the first time such a criminal method has been discovered here.”

The Taiwanese bank has shut down multiple ATMs since the attack, presumably so hackers don’t shake down the machines for millions in just a few minutes all over again.


Staff Writer, Gizmodo | Send me tips: william.turton@gizmodo.com



I hope this is a limited vulnerability to a specific ATM type, because if not, the ATM wars are upon us. Hard to imagine how they would load software unless there is an accessible diag port on the front; I can’t imagine wireless or Bluetooth would be used on an ATM. And the back and forth of securing, then being breached again, could be epic if this turns out to work on more than one ATM type and is not identified and patched quickly.