In a shocking revelation that has sent ripples through the financial and security sectors, a Venezuelan terror gang known as Tren de Aragua has orchestrated the largest ATM jackpotting operation in U.S. history, stealing a staggering $40.7 million from American banks.
This operation, which has been described by federal prosecutors as not merely a cybercrime but a significant act of terror financing, has resulted in the arrest of 54 gang members in a coordinated raid led by the U.S. Immigration and Customs Enforcement (ICE) and the Drug Enforcement Administration (DEA).
The details of this operation are as alarming as they are intricate, showcasing a level of sophistication that raises serious concerns about the vulnerabilities in our financial systems.
The Operation Unveiled
Federal investigators first uncovered the compromised ATMs in early 2025.
These machines were dispensing their entire cash reserves without any forced entry, explosives, or alarms.
This was an impossible feat unless the ATM’s operating system had been hacked.
Phase 1 – Reconnaissance
The criminal teams began their operation with extensive reconnaissance.
They surveilled banks and credit unions, documenting security features and alarm systems.
They even tested response times by opening ATM hoods and identifying vulnerable machines across 15 states.
Phase 2 – Malware Installation
Once they had identified their targets, the gang deployed sophisticated Ploutus malware.
This malware compromised the ATM operating systems at a hardware level.
The criminals installed backdoor commands to cash dispensing modules and created false logs to deceive bank employees.
Phase 3 – Cash Extraction
With the malware in place, the gang was ready for cash extraction.
They remotely triggered unauthorized cash dispensing, and the malware automatically deleted evidence after execution.
Teams extracted cash and disappeared within minutes, moving the money through pre-planned laundering routes.
The Money Trail
The stolen cash was laundered through a sophisticated network.
Couriers transported physical cash to Miami and Texas.
Funds were transferred via Cash App, Zelle, and Venmo, and laundered through shell companies.
Final deposits were made through cryptocurrency exchanges, ultimately reaching Tren de Aragua leadership back in Venezuela.
The Terror Connection
What elevates this case from a mere cybercrime to a national security threat is the federal prosecutors’ decision to charge it as material support to terrorism.
Under U.S. law, once stolen funds are knowingly routed to a designated terrorist organization, every participant faces terrorism charges, even if they never touched a weapon.
Tren de Aragua is classified as a transnational criminal organization with a terror designation.
The ATM theft operation directly funded their activities, including drug trafficking operations, Sєx trafficking networks, violent gang activities in U.S. cities, weapons smuggling, extortion, and kidnapping.
The Arrests
ICE and DEA executed coordinated raids across multiple states.
On December 9, 2025, the first wave of arrests saw 22 defendants taken into custody.
They faced charges ranging from conspiracy to provide material support to terrorists, bank fraud, burglary, and computer fraud violations.
A second wave of arrests occurred on October 21, 2025, resulting in 32 additional defendants being apprehended.
In total, 56 counts were filed, covering bank fraud, burglary, computer damage charges, and coordinated financial crime.
Key Arrest: Anderson Zambrano Pacheco
Among those arrested was Anderson Zambrano Pacheco, a 25-year-old believed to be the top coordinator for the operation.
He was already wanted for burglary and home invasion in Colorado, with additional charges of kidnapping, extortion, and menacing.
Phone records linked him to multiple arrested crews, and his travel matched jackpotting windows across states.
The Broader Implications
The implications of this operation extend far beyond the immediate financial losses incurred by banks.
It raises critical questions about the security of our financial infrastructure and the extent to which organized crime and terrorism can exploit vulnerabilities.
As federal law enforcement agencies continue to investigate, the public is left to wonder how many more terror cells may be operating in U.S. cities.
This case serves as a stark reminder of the interconnectedness of cybercrime and terrorism, and the urgent need for enhanced security measures in our financial systems.
Conclusion
As the investigation continues, and with four suspects still at large, the urgency for a comprehensive response to such threats has never been clearer.
The American public must remain vigilant as law enforcement agencies work tirelessly to dismantle these criminal networks.
The story of Tren de Aragua is not just a tale of theft; it is a wake-up call to the realities of modern crime and the dangers that lurk in the shadows of our digital age.
For those who support ICE operations and advocate for stronger border security, this incident underscores the importance of addressing the root causes of such criminal activities.
As we look to the future, it is imperative that we remain informed and engaged in discussions about national security and the ongoing battle against terrorism.
The stakes have never been higher, and the need for vigilance has never been more pressing.
Stay tuned for further updates on this developing story.
Call to Action
Subscribe for daily federal law enforcement coverage and engage in the conversation about border security.
Your thoughts and support are crucial as we navigate these complex issues that affect every American.
Together, we can work towards a safer and more secure future.
