Federal prosecutors in Nebraska have uncovered a sophisticated ATM hacking conspiracy involving individuals linked to the Venezuelan prison gang Tren de Aragua. According to the indictment, the group has managed to steal a staggering $5.4 million through a series of ATM jackpotting attacks that targeted financial institutions across the United States, including the Chicago area.
The modus operandi of the group involved physically accessing ATMs, installing malware, and forcing the machines to dispense cash without debiting customer accounts, a technique known as ATM jackpotting. This cyber-enabled bank theft operation, which ran from January 2024 to the present, saw the group carrying out over 90 attacks nationwide.
At the heart of the conspiracy is Anibal Alexander Canelon Aguirre, also known as “Prometheus” and “The Engineer,” who allegedly played a key role in deploying malware and coordinating the attacks. The group utilized specialized ATM malware called Ploutus, often installed using small single-board computers like Raspberry Pi devices. The scheme involved meticulous surveillance of ATMs, physical tampering with internal components, remote activation of malware, and coordinated cash pickups. To cover their tracks, the malware was designed to delete itself after each attack.
Court records reveal that the defendants executed or attempted 117 jackpotting attacks on federally insured banks and credit unions, resulting in confirmed losses of $5,401,181 and attempted losses of $1,429,738. Some individual attacks yielded losses exceeding $100,000, with a Nebraska credit union falling victim to two attacks in August 2025 that netted approximately $300,000.
Proceeds from the scheme were divided among participants, with the remaining funds laundered through financial transfers to conceal their illicit origins. Tren de Aragua, originally a Venezuelan prison gang, has evolved into a violent transnational criminal organization with operations across the Western Hemisphere and within the United States. Earlier this year, the group was designated a Foreign Terrorist Organization by the U.S. State Department, prompting prosecutors to bring terrorism-related charges against its members.
The defendants face a range of federal charges, including conspiracy to commit bank fraud, bank burglary, computer fraud, money laundering, and providing material support to terrorists. The investigation into this elaborate ATM hacking conspiracy underscores the growing sophistication of cyber-enabled financial crimes and the need for robust cybersecurity measures to protect against such threats.
