Cashout | Intel471 Skip to content


The process of transferring illicit proceeds to a threat actor or designated representative. Common methods include ATM withdrawals, purchasing digital currencies, transferring funds to online payment platforms or buying goods or gift cards. Typically at the final stage of a fraudulent scheme.
Homepage slide 1
7 cashout

A "Cashout" refers to the process of transferring illicit proceeds to a threat actor or designated representative. Common methods include ATM withdrawals, purchasing cryptocurrencies, transferring funds to online payment platforms, or buying goods or gift cards. A cashout typically occurs at the final stage of a fraudulent scheme.

How do Cyber Attackers Cash-Out after Large Scale Heists?

Cybercriminals often use Bitcoin to transfer stolen funds because Bitcoin is highly anonymous, decentralized, and extremely difficult to trace.

What is Money Laundering in Cyber Crime?

Money laundering in cybercrime refers to using digital currency for illegal activities, including cryptocurrencies like Bitcoin to buy drugs (or any other unlawful activity) on various marketpalces, launder stolen funds, and fund terrorist organizations or criminal activities.

What is the ATM Cash-Out Scheme?

ATMs are frequently the most convenient way for bank customers to withdraw cash funds from their bank accounts. Similarly, criminals use ATMs as a convenient way to finalize increasingly complex schemes to steal funds from banks and their customers. Since ATMs are limited in the number of funds available for withdrawal at any time, typical methods involve multiple ATMs and hired hands, or "money mules," then retrieve the money on behalf of the frequently organized hacker groups.

An unlimited number of withdrawals can be made from the same account at different ATMs. The money stolen is only limited by the amount in the account unless daily fund withdrawal amounts have been specified. Criminals may use ATMs alongside traditional methods of withdrawing funds, such as SWIFT. However, ATM cash-outs are usually viewed as the least traceable and most difficult to recover - and that's why it's the favorite choice of criminals.

In some instances, hackers can hack an ATM machine and take control of its software remotely. They might even change the PIN so that no one knows what it is. Then, when people try to withdraw their cards, the machines will accept those fraudulent requests without raising alarms. Once the hackers get enough money, they either destroy the evidence or sell it to others who want to hide their tracks.

Why Do Hackers Use Cryptocurrencies?

Cryptocurrencies have become popular among hackers due to several reasons:

  1. It allows for a high level of privacy. Unlike traditional banking methods where everything is traced back to you, cryptocurrency makes it impossible to track the origin of the funds. The only thing that matters is whether the sender was able to complete the transaction.

  2. It's Decentralized - There is no central authority controlling how much bitcoin should exist in circulation.


There are many ways for criminals to attack banks today. Some of these attacks are old, some new. But there are also many new ways for criminals to attack banking systems. Technology advances and the proliferation of AI have only made it more accessible. Banks that cannot keep pace with technological advancements are essentially bringing a knife into a gunfight.

Cybercriminals are exploiting the fact that we are all becoming familiar with new technology and using this familiarity to their advantage. These criminal enterprises are taking advantage of our unfamiliarity with new technology, such as mobile banking, to perpetrate online crimes and fraud.

In summary, a cash-out scheme is a scam that involves a cybercriminal who offers money in exchange for a person's personal information, such as bank account numbers, social security numbers, debit card, and credit card numbers, driver's license numbers, or any other type of personal identification number (PIN).