An Amazon hacker was busy crypto mining using someone else’s account, and by the time the owner figured it out, the hacker had already left a $45,000 bill.
Jonny Platt, the founder of SEO Scout, was the unfortunate recipient of this most unwelcome Christmas present this month. Platt awoke one morning to find their Amazon Web Services or AWS account had been hacked.
As detailed on Twitter, the hacker had been mining the Monero cryptocurrency for several weeks. The crypto scammer left Platt an eye-watering $45,000 fee.
🎄 Excited to announce I just received my Christmas present from @awscloud!
— Jonny Platt (@jonnyplatt) December 14, 2021
😱 Horrified to see it's $45,000 in charges due to some scammer hacking my account + mining Crypto for the last few weeks
⏰ Had no sleep last night. It's now 23 hrs since my support ticket & no reply.
The hack was simple since it only involved the installation of a mining script that ran on AWS Lambda’s platform. It would install itself in a different Lambda instance every three minutes and mine for 15 minutes at a time, which is the maximum period allowed on Lambda.
This allowed the hacker to run multiple Lambda instances concurrently, leading them to maximize their crypto harvesting.
For a while, you might think that the crypto harvest will be of benefit for Platt, but that wasn’t the case because all that effort the scammer had done, alongside the huge bill the victim had to face, only minted six XMR, which refers to the code for Monero coins. The total dollar value was approximately no more than $800.
For an investment that skyrocketed for up to $45,000, an $800 return is not something you can get over with. However, to release the weight off your shoulder, using someone else’s identity to foot the bill will automatically wipe the problems away.
Amazon’s Lack of Urgency
Platt’s main concern was that Amazon itself should’ve already detected the scam since the mining script was only a plain text file that is unencrypted. AWS had to scan the lines in the code, which has a high possibility that it already exists in similar scamming cases.
Platt even offered an example of ‘xmrig’ to obtain suspiciousness to suspend the script used by the hacker. However, Amazon turned a blind eye.
After all the fiasco that took place, it took Amazon more than a day to reply to the complaint sent by Platt. With Platt’s incredibly increasing spending cost on AWS every month, for an estimated 150,000%, the time of response Amazon gave was a long wait.
What’s worse is that AWS gave no solution. Until now, Amazon was still monitoring his account for a day, then the case will be sent to the billing department for a detailed review. Platt believes all of these will take several days, and there’s no way a quick fix can take place.
This report is only one of the few cases of crypto mining scams, so if you don’t wish to share the same fate as Platt. This is a reminder to regularly check your AWS account and keep a close eye on your financial balance for suspicious activities. Additional security won’t hurt too.
By Thea Felicity, Tech Times