Amazon Web Services (AWS) customer Jonny Platt, founder of SEO Scout, received an unexpected $45,000 bill for computing power rented from Amazon’s cloud-based servers.
🎄 Excited to announce I just received my Christmas present from @awscloud!
😱 Horrified to see it's $45,000 in charges due to some scammer hacking my account + mining Crypto for the last few weeks
⏰ Had no sleep last night. It's now 23 hrs since my support ticket & no reply.
— Jonny Platt (@jonnyplatt) December 14, 2021
Further examination revealed that the customer’s account was hacked, allowing bad actors to use AWS servers to run crypto mining software for Monero (XMR), a privacy-focused coin.
The unidentified group was able to hack Platt’s AWS account and use it to mine for several weeks. As a result, the company billed Platt $45,000.
The hackers launched a mining script on AWS Lambda. Every three minutes, the script launched itself on different AWS servers around the globe and mined Monero for the maximum allowed 15 minutes. Collectively, the hackers mined 6 XMR (about $800).
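As an added example (not code from the article or from AWS), the pattern described above can be turned into an inventory check: functions set to the 15-minute maximum, triggered more often than they finish, with the same code in several regions. The inventory rows and field names are constructed, and the use of EventBridge `rate(...)` schedules and of multiple regions is an assumption drawn from "every three minutes" and "around the globe".

```python
import re
from collections import defaultdict

LAMBDA_MAX_TIMEOUT_S = 900  # the 15-minute maximum run time the article mentions
UNIT_SECONDS = {"minute": 60, "hour": 3600, "day": 86400}

# Constructed inventory rows (not real account data), one per deployed function.
# Field names are hypothetical; populate them from your own asset export.
def row(region, name, timeout_s, schedule, sha):
    return {"region": region, "name": name, "timeout_s": timeout_s,
            "schedule": schedule, "code_sha256": sha}

INVENTORY = [
    row("us-east-1", "thumbnailer", 30, None, "sha-A-constructed"),
    row("eu-west-1", "nightly-report", 900, "rate(1 day)", "sha-B-constructed"),
    row("us-east-1", "health-check", 10, "rate(1 minute)", "sha-C-constructed"),
] + [row(r, "svc-update", 900, "rate(3 minutes)", "sha-D-constructed")
     for r in ("us-east-1", "eu-central-1", "ap-southeast-1", "sa-east-1")]

def rate_seconds(expr):
    """Convert a 'rate(N unit)' schedule to seconds; None for cron or no schedule."""
    m = re.fullmatch(r"rate\((\d+) (minute|hour|day)s?\)", expr or "")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)] if m else None

def suspicious_functions(inventory, min_regions=3):
    """Group max-timeout functions that are re-triggered before a run can finish."""
    by_code = defaultdict(list)
    for fn in inventory:
        interval = rate_seconds(fn["schedule"])
        if (fn["timeout_s"] == LAMBDA_MAX_TIMEOUT_S
                and interval and interval < fn["timeout_s"]):
            by_code[fn["code_sha256"]].append((fn, interval))
    findings = []
    for sha, hits in by_code.items():
        regions = sorted({fn["region"] for fn, _ in hits})
        if len(regions) >= min_regions:
            # ceil(timeout / interval): runs alive at once per function
            overlap = max(-(-fn["timeout_s"] // iv) for fn, iv in hits)
            findings.append({"code_sha256": sha, "regions": regions,
                             "max_overlapping_runs": overlap})
    return findings

if __name__ == "__main__":
    for finding in suspicious_functions(INVENTORY):
        print(finding)
```

A three-minute trigger on a 15-minute function keeps about five copies running at all times in each region, which is why the schedule-versus-timeout comparison is the core of the check.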
Platt is confident that Amazon can easily detect when something is wrong.
“The script was an unencrypted text file, and AWS could easily find lines of code used in similar attacks in it to suspect something was wrong.”
However, Amazon responded to Platt’s complaint and waived all the charges as a one-time exception.