An Australian man discovered an "infinite cash withdrawal bug" in an ATM, rented a private jet, and booked a hotel, paying only the price of a year in prison.

In 2011, 29-year-old Australian bartender Dan Saunders exploited an ATM loophole, withdrawing approximately AUD 1.6 million over five months, becoming a notorious figure in the history of financial system vulnerabilities. Let's take a look at this story. (Background: Financial Times: US banking industry warns of "stablecoin bill" loophole, fearing $6.6 trillion in deposits could flee) (Context: Cold Wallet users beware! ESP32 chip vulnerability "can steal Bitcoin private keys" How to check if your device is at risk?) Did a cheat code for "infinite money" in a game find its way into reality? Let's revisit the ATM loophole incident in Australia before 2011, with the main character being Dan Saunders, a bartender from Victoria. At that time, his savings account held only "AUD 3", roughly equivalent to NT$120, but he discovered a loophole in the ATM's offline processing update window at dawn, deciding to withdraw about AUD 1.6 million in just five months, enjoying a brief life of extravagant wealth. He ultimately "smiled" his way to a one-year prison sentence, exposing the blind spots in the financial system, which still keeps banks and financial technology companies on alert, and showing how reckless a person can be when they do not consider the consequences. The ATM at midnight, his infinite cash faucet. The story begins after a dull night shift, when 29-year-old Saunders went to a nearby ATM intending to withdraw cash, even though his account balance was only AUD 3. After inserting his card, he saw the message "balance temporarily unavailable" on the screen. Saunders initially thought his balance was too low, so he tried to borrow money. When he transferred his credit limit to his savings account and attempted to withdraw, the screen displayed "transaction canceled", and then it dispensed the cash amount he requested, leaving him very puzzled. After repeated attempts and observations, Saunders discovered that between 1 AM and 3 AM daily, the ATM would first record transactions and then sync with the central database. As long as he performed the "transfer failure + cash withdrawal" combination during this period, the ATM would mistakenly believe there was still available credit in the account, which was a huge system bug. Starting with the first withdrawal of AUD 200, Saunders' greed grew like a bottomless pit, and he continued to withdraw money repeatedly, even with a zero balance, making the ATM his infinite money code. Over five months, he used the same method to transfer, withdraw, and then spend, while the bank had not noticed the negative balance. Drunk with wealth, then anxious. With unlimited money pouring into his pockets, Saunders immediately upgraded his ordinary life. He booked a private jet to invite friends for a vacation in Bali, rented an entire bar to cover the tab for strangers, helped friends pay tuition, and even booked hotel rooms for homeless people. Saunders held luxurious parties every night, and bank staff began to refer to him as "Sir", while those around him transformed into smiles. This is what Saunders looked like renting a private jet. Faced with sudden adoration from people, he was unable to sleep at night, knowing it was all due to the power of money. Saunders began to dream of being apprehended by police, waking up in a cold sweat. He started to question himself: was he still that bartender from the small town? Or had he become a character fleeing from a movie? He would ask himself in the mirror: Who am I? Am I Dan from Australia, or the guy from the movie who embezzled money and ran away? The rapidly expanding wealth amplified his fear and feeling of losing control. Ironically, during the time he was illegally withdrawing money, the bank took no action against the unusual transactions, further deepening his anxiety. Saunders began to suspect whether the bank was tacitly allowing him to continue withdrawing money until his account was suddenly frozen, at which point he would face harsher consequences. The psychological pressure on Saunders accumulated over time; the pleasure brought by money was quickly replaced by guilt and anxiety. A one-year sentence, he returned to being an ordinary person. In June 2011, Saunders chose to stop and contacted the bank, only to learn that the case had been handed over to the police for investigation. That same year, Saunders sought help from a psychiatrist, and for the next two years, he awaited the bank's investigation results. He couldn't take it anymore, and after making a decision, he contacted the media and publicly revealed the entire process of his "crime", which naturally led to his arrest. Saunders demonstrated to the media how he had stolen cash. When he went to trial, the judge and prosecution struggled to understand the complexity of his ATM theft, and the bank lacked complete records (because that was the loophole), causing legal proceedings to become stuck at one point. Finally, Saunders pleaded guilty and was sentenced to one year in prison and 18 months of mandatory community service. After reflecting during his time in prison, he returned to bartending at a wage of AUD 22 per hour, and the stark contrast made him admit in the media, "If I had run away back then, maybe the outcome would have been better," but he also acknowledged that this experience proved that money could not buy stability. From ATM to on-chain security reminders. This incident raised three serious questions for the financial industry: real-time monitoring, abnormal pattern recognition, and emergency freeze mechanisms. Although it occurred in a traditional ATM, the essence of the loophole is similar to today's common flash loan arbitrage or cross-chain bridge attacks in the blockchain world, where attackers exploit system time differences or rule gaps to quickly move funds before synchronization is completed. As services become fully cloud-based, banks and financial technology companies must implement artificial intelligence and machine learning to detect anomalies immediately through behavioral fingerprints, transaction relationship graphs, etc., and freeze suspicious accounts in milliseconds to fill in gaps similar to "dormancy periods". For the general public, this story reminds us that the cost of facing the temptation of ill-gotten gains often exceeds our imagination. Technical vulnerabilities can be patched, but human nature needs to be safeguarded by oneself. Nearly a decade has passed since the incident, and Saunders has returned to a normal life; he occasionally appears on interview programs and provides business consulting with friends. Here is his Instagram account. In a podcast, Saunders candidly said that he occasionally thinks back to that late night, when the first banknote was dispensed from the ATM. Related reports: Under the "absolute red line" of national financial sovereignty, the dilemma and future of the digital renminbi. Cryptocurrencies are not "Web 3.0" but rather a financial revolution of "Capitalism 2.0". Surpassing humanity's ten-thousand-year consensus and mindset: Why Bitcoin is a better "gold". This article titled "Australian Man Discovers ATM 'Infinite Withdrawal Bug', Rents Private Jet and Covers Hotel, Cost Only One Year in Jail" was first published in BlockTempo, the most influential blockchain news media.