The U.S. Treasury has issued a warning regarding cryptocurrency ATMs contributing to illegal activities.

The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has issued a significant warning regarding the misuse of Convertible Virtual Currency (CVC) kiosks by criminal organisations. Released on August 4, 2025, the advisory underscores how these cryptocurrency ATMs, intended for legitimate users, have become major conduits for fraudulent activities and money laundering. FinCEN Director Andrea Gacki highlighted the growing threat, noting that criminals have adapted to exploit innovative technologies like CVC kiosks for financial theft. The warning is particularly concerning as federal agencies report a rise in scam payments processed through these terminals, with vulnerable populations, especially older adults, being targeted. The illicit activities align with FinCEN’s Anti-Money Laundering and Countering the Financing of Terrorism National Priorities, including fraud, cybercrime, and drug trafficking operations.

The regulatory notice identifies prevalent attack vectors such as tech support scams, customer support fraud, and bank imposter schemes that utilise CVC kiosks. Analysts have found that these scams disproportionately affect elderly consumers, who may lack familiarity with cryptocurrency technologies, making them prime targets for sophisticated social engineering attacks. Criminals exploit the anonymity and irreversible nature of cryptocurrency transactions to maximise their gains while minimising detection risks. The Treasury’s warning stresses that the risk of illicit activity increases significantly when CVC kiosk operators do not comply with the Bank Secrecy Act (BSA). Financial institutions are urged to enhance monitoring protocols and report suspicious activities related to these kiosks, with specific red flag indicators provided for monitoring unusual transaction patterns and high-value purchases. FinCEN’s directive reinforces the essential role of financial institutions in safeguarding the digital asset ecosystem while ensuring legitimate access for consumers and businesses within regulatory compliance frameworks.