The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has issued a critical warning about the exploitation of convertible virtual currency (CVC) kiosks by criminal organizations.
Released on August 4, 2025, the advisory highlights how these cryptocurrency ATMs, while designed as convenient access points for legitimate users, have become significant vectors for fraudulent activities and money laundering operations.
FinCEN Director Andrea Gacki emphasized the escalating threat, stating that criminals have adapted to exploit innovative technologies like CVC kiosks for financial theft.
The warning comes as federal agencies observe a concerning rise in scam payments processed through these automated terminals, particularly targeting vulnerable populations including older adults.
The illicit activities encompass three of FinCEN’s Anti-Money Laundering and Countering the Financing of Terrorism National Priorities: fraud, cybercrime, and drug trafficking organization operations.
The regulatory notice specifically identifies tech support scams, customer support fraud, and bank imposter schemes as prevalent attack vectors utilizing CVC kiosks.
FinCEN analysts identified that these scams disproportionately impact elderly consumers who may be less familiar with cryptocurrency technologies, making them prime targets for sophisticated social engineering attacks.
The criminals exploit the relative anonymity and irreversible nature of cryptocurrency transactions to maximize their illicit gains while minimizing detection risks.
Regulatory Compliance and Detection Mechanisms
The Treasury’s warning emphasizes that the risk of illicit activity is significantly amplified when CVC kiosk operators fail to meet their obligations under the Bank Secrecy Act (BSA).
Financial institutions are urged to implement enhanced monitoring protocols and report suspicious activities involving these kiosks.
The notice provides specific red flag indicators that institutions should monitor, including unusual transaction patterns, frequent high-value purchases by the same individuals, and transactions that appear inconsistent with customer profiles.
FinCEN’s directive reinforces the critical role of financial institutions as partners in safeguarding the digital asset ecosystem while maintaining legitimate access for consumers and businesses operating within regulatory compliance frameworks.
Equip your SOC with full access to the latest threat data from ANY.RUN TI Lookup that can Improve incident response -> Get 14-day Free Trial
