AUSTRAC, Australia’s anti-money laundering and counter-terrorism financing regulator and financial intelligence unit, has refused to renew the registration of a crypto ATM operator and imposed strict conditions on others after uncovering “disturbing trends” in scam and fraud-related activity.
The number of crypto ATMs in Australia has surged from just 23 in 2019 to over 1,800 in 2024. With nearly 150,000 transactions processed annually, moving an estimated $275 million, AUSTRAC considers this channel a significant risk for money laundering and scam activity.
Following months of investigation by AUSTRAC’s Cryptocurrency Taskforce, the agency found that crypto ATMs are being exploited to target vulnerable users. Australians aged 60 to 70 emerged as the most frequent users. Data from nine major crypto ATM providers revealed that users over 50 accounted for nearly 72% of all transaction value, with 60 to 70 year-olds alone representing 29%. The Australian Federal Police also reported on 3 June 2025 that from January 2024 to January 2025, the Australian Cyber Security Centre received 150 reports of scams involving crypto ATMs with an estimated loss of approximately AU$3,000,000.
In response, AUSTRAC has introduced a set of mandatory safeguards for crypto ATM operators:
- $5,000 limit on all cash deposits and withdrawals per transaction;
- mandatory scam warnings displayed before transactions;
- enhanced customer due diligence obligations; and
- stronger transaction monitoring and reporting requirements.
These measures appear to have been imposed by way of conditions on the registration of crypto ATM operators under AUSTRAC’s powers in Section 76G of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act).
In a media release, AUSTRAC CEO Brendan Thomas has said that bad actors are to blame for the action taken by AUSTRAC.
The conditions are designed to help protect individuals from scams by deterring criminals from directing them to a crypto ATM, as well as to protect businesses from criminal exploitation,
This action draws a clear line in the sand and serves as a warning to other digital currency exchange providers that aren’t meeting their responsibilities under the AML/CTF Act.
While the $5,000 cash limits only relate to crypto ATM providers, AUSTRAC expects digital currency exchange providers to consider imposing similar limits if they accept cash for crypto transactions.
The Chair of the Digital Economy Council of Australia, Paul Derham pushed back on suggestions that crypto ATMS are inherently problematic, noting that some users have resorted to ATMs following tighter restrictions on electronic payments to cryptocurrency exchanges among banks.
AUSTRAC is following in the footsteps of the UK’s Financial Conduct Authority which had cracked down on the sector recently touting its success driving crypto ATMs out of the country. However, crypto ATMs are also in wide usage in a number other countries.
While crypto ATMs themselves are not inherently problematic, this nuance appears to be have been lost in the headlines. AUSTRAC’s targeted action against crypto ATMs is signal of increased scrutiny of the sector generally following on the footsteps of its recent “use or lose it” campaign against DCEs. AUSTRAC has also been involved in a number of recent criminal enforcement actions involving cryptocurrency. In that context, and given the introduction of the enhanced VASP regime scheduled for 2026, DCEs should adopt a proactive approach in reviewing their AML/CTF risk assessments and commencing preparations for the new regime.
