Atomic Locks not working properly?

My site is having issues with Race Conditions, and I've tried using atomic locks to prevent such issues - however the locks just aren't functioning for me in most cases at all. Allowing the race conditions to continue and for the scripts to be exploitable, which is not ideal.

For example:

$lock = Cache::lock('withdraw_bank_' . Auth::id(), 10);

		if(!$lock->get())
		{
			return redirect()->back()->withErrors(['withdrawal' => 'Moving too quickly for the bank teller to properly help you. Slow down.']);
		}

		$user = Auth::user();

		$validate = $request->validate([
			'withdrawal' => ['integer', 'min:0', 'max:' . $user->bank_balance, function($attribute, $value, $fail) use ($user) {
				if($user->times_withdrawn >= 15) {
					$fail('You\'ve already withdrawn enough times today!');
				}
			}]
		]);

		$user->bank_balance -= $request->post('withdrawal');
		$currency_control->addCurrency(Auth::user(), 1, $request->post('withdrawal'));
		$user->times_withdrawn++;
		$user->save();
		$lock->release();

		return redirect()->back();

To my knowledge this should make the code atomic - and protect against race conditions. So when multiple requests are sent to withdraw the balance, the validations won't be out of date and cause issues.

However when I test it (sending roughly 25 requests in at the same time) it fails and ends up withdrawing multiple times - causing balance duplication.

Sometimes it seems to work - giving the error as it properly should, however even one slip up causes an issue so I'm wondering if i'm just not coding it in correctly or if it's a server setting issue or something. Would love if someone could shed some light on this.

I am using a NTS PHP as that's what the server LAMP stack came with, and I was hoping to avoid having to rebuild it into a TS PHP as it might break things and I'm not too good on server ops myself, so if anyone could point out where I'm going wrong or any other solutions it would be amazing. Thank you.