Crypto ATM Scams Cost Americans $388 Million in 2025
Key Takeaways
- Americans lost $388 million to crypto ATM scams in 2025, a 58% increase from 2024
- Victims over 50 filed more than half of complaints and lost $302 million
- Minnesota, Indiana, and Tennessee have banned cryptocurrency kiosks statewide
Americans lost over $388 million to scams involving cryptocurrency ATMs last year, according to new FBI data released Friday. That's a 58% jump from 2024, with complaints rising 23% to more than 13,400.
The numbers come from the FBI's Internet Crime Complaint Center (IC3), which tracks cyber-enabled crimes across the country. Crypto kiosks, those standalone machines found in gas stations and convenience stores, have become a favorite tool for scammers who walk victims through depositing cash that gets converted to cryptocurrency and sent to attacker-controlled wallets.
Older Americans Hit Hardest
The FBI's data paints a clear picture of who these scams target. More than half of the complaints came from people over 50 years old. That group lost $302 million, nearly 78% of the total.
Texas, Florida, and California topped the list for complaints. Residents of those three states filed over 3,300 reports and lost an estimated $112 million combined.
The scams follow a predictable script. Criminals provide detailed instructions, telling victims how to withdraw cash from their bank, locate a nearby kiosk, and deposit funds using a QR code. The cryptocurrency transfers instantly to wallets the criminals control, making recovery nearly impossible.
States Start Banning Crypto Kiosks
The surge in losses has prompted state-level action. Minnesota banned cryptocurrency kiosks statewide earlier this month. Indiana passed similar legislation in March, followed by Tennessee in April.
The machines themselves aren't illegal in most places, but they've become a weak link in fraud prevention. Some kiosks require identity verification to comply with anti-money laundering rules. Many do not. That inconsistency makes them attractive to criminals who need untraceable payment methods.
How the Scams Work
Most crypto ATM scams start with a phone call, email, or online message. The criminal poses as a government official, tech support agent, or romantic interest. They create urgency, claiming the victim owes taxes, has a compromised computer, or needs to protect their savings.
The victim is then walked through converting cash to cryptocurrency at a nearby kiosk. Unlike wire transfers or credit card payments, crypto transactions can't be reversed. Once the money moves to the scammer's wallet, it's gone.
FBI's Protection Recommendations
The FBI offered several steps to avoid becoming a victim:
- Never send money to someone you only know online
- Don't scan QR codes or follow payment instructions from unknown individuals
- Verify phone calls directly by hanging up and calling the organization's official number
- Never share personal information over the phone with unexpected callers
- Be skeptical of anyone claiming to be from the government who demands cryptocurrency payments
- Stop the transaction if a kiosk operator warns you of potential fraud
- Keep receipts for all cryptocurrency transactions
That last point matters. Kiosk operators sometimes recognize scam patterns and warn users. Ignoring those warnings has cost victims thousands.
Part of a Larger Problem
Crypto ATM scams are one piece of a much larger cybercrime picture. The FBI's 2025 Internet Crime Report shows the IC3 received over 1 million complaints last year. Total losses from cyber-enabled crimes, including investment scams, tech support fraud, and business email compromise, reached nearly $21 billion.
Investment scams remain the costliest category. Tech support fraud and business email compromise also drive significant losses. But the 58% year-over-year increase in crypto kiosk losses signals a specific problem that's getting worse, not better.
Logicity's Take
Frequently Asked Questions
What is a crypto ATM scam?
Criminals convince victims to withdraw cash from their bank and deposit it into a cryptocurrency kiosk. The machine converts the cash to crypto and sends it to wallets the scammers control. The transactions are irreversible.
Which states have banned crypto ATMs?
Minnesota banned cryptocurrency kiosks statewide in May 2026. Indiana passed similar legislation in March, and Tennessee followed in April.
Why are older adults targeted in crypto ATM scams?
People over 50 may be less familiar with cryptocurrency mechanics and more likely to trust callers claiming to be government officials. They also often have more savings to steal. This group filed more than half of complaints and lost $302 million in 2025.
Can I get my money back after a crypto ATM scam?
Recovery is extremely difficult. Cryptocurrency transactions can't be reversed like credit card charges or wire transfers. Once funds reach a scammer's wallet, they're typically moved through multiple accounts and converted to cash quickly.
How do I report a crypto ATM scam?
File a complaint with the FBI's Internet Crime Complaint Center at ic3.gov. Include all transaction receipts, communication records with the scammer, and details about which kiosk you used.
Need Help Implementing This?
Source: BleepingComputer
Manaal Khan
Tech & Innovation Writer
Related Articles
Browse all
Kraken Crypto Exchange Extortion: Hackers Threaten to Leak Internal Videos After Insider Breach
Cryptocurrency exchange Kraken is being extorted by hackers who obtained videos of internal systems through bribed support employees. The company says no funds were compromised and refuses to pay, with only about 2,000 accounts affected. Kraken is working with federal law enforcement to prosecute everyone involved.
Windows 11 KB5083769 and KB5082052: April 2026 Patch Tuesday Brings Smart App Control Changes and Security Fixes
Microsoft's April 2026 Patch Tuesday updates are now live for Windows 11, bringing critical security patches alongside a welcome change to Smart App Control. You can finally toggle SAC on or off without wiping your entire system. The updates cover versions 23H2, 24H2, and 25H2.
Zero Trust Identity Security: 5 Ways This Framework Actually Stops Credential Theft
Stolen credentials caused 22% of breaches in 2025, making them the top attack vector. Zero Trust promises to fix this, but only when it's built around identity as the core principle. Here's how organizations can implement it properly.
Open Source PR Backlogs: Why Your GitHub Contribution Sits Unreviewed for a Year
A developer's Jellyfin pull request has been waiting over a year for merge despite two approvals, exposing a systemic crisis in open source maintenance. Queuing theory explains why backlogs grow exponentially, and 60% of maintainers have quit or considered quitting due to burnout.
Also Read
Subnautica 2 Won't Add Combat Despite Player Requests
Unknown Worlds has responded to player demands for weapon-based combat in Subnautica 2, confirming the feature won't happen. The studio says the game's identity depends on vulnerability and survival, not domination. Instead, patches will improve how existing defensive tools work.
GitHub Breach: 3,800 Internal Repos Stolen via VS Code Extension
Hackers compromised a GitHub employee's device through a malicious VS Code extension, stealing data from thousands of internal repositories. The Microsoft-owned platform says customer data remains unaffected, but the investigation continues. A hacking group called TeamPCP claims responsibility and is reportedly selling the stolen code.
Samsung Strike Threatens Global Chip Supplies and AI Growth
Samsung Electronics workers began an 18-day strike Thursday after wage negotiations collapsed. The walkout at one of the world's largest memory chip producers could drive up semiconductor prices and delay AI infrastructure investments globally.