Skip to main content
  1. Home
  2. Computing

An Amazon crypto scam left its victim with a $45,000 bill

Alex Blake
By

What’s on your wish list this holiday season? We’d hazard a guess that it does not include a $45,000 bill caused by your Amazon Web Services (AWS) account getting hacked. Yet that’s exactly what happened to one unfortunate soul this December.

Jonny Platt, founder of SEO Scout, was the unlucky recipient of this most unwelcome Christmas gift. As detailed on Twitter, Platt woke up one morning to find their AWS account had been hijacked and had been mining the Monero cryptocurrency for the past several weeks. The resulting charge was that eye-watering $45,000 fee.

Cryptocurrency mining rig from computer graphic cards
Getty Images

The hack was not particularly advanced, and worked by installing a mining script that ran on the AWS Lambda platform. Every three minutes, it would install itself in a different Lambda instance and continue mining for 15 minutes at a time (the maximum allowed on Lambda). That allowed it to operate concurrently on several Lambda instances, maximizing its crypto harvesting.

Related

At least, that’s what you would think. But it turns out that all that effort — and that enormous bill Platt was faced with — only managed to mint six XMR (the code for Monero coins). The total dollar value? A paltry $800.

Recommended Videos

Getting an $800 return on your $45,000 investment doesn’t exactly seem like a sound business plan. But when you’re getting someone else to foot the bill without them even realizing, problems like that don’t really matter.

🎄 Excited to announce I just received my Christmas present from @awscloud!

😱 Horrified to see it's $45,000 in charges due to some scammer hacking my account + mining Crypto for the last few weeks

⏰ Had no sleep last night. It's now 23 hrs since my support ticket & no reply.

— Jonny Platt (@jonnyplatt) December 14, 2021

As Platt pointed out, what’s worse is that the scam could have been easily spotted by Amazon. The mining script was an unencrypted plain text file, so all AWS needed to do was scan for certain well-known lines in its code that are used by other similar hacks — Platt gave the example of “xmrig” — to get suspicious and suspend the script. Apparently, that never happened.

In the end, it took Amazon 27 hours to reply to Platt’s complaint. Considering the incredible increase in Platt’s monthly AWS spend (150,000%, he estimates), that’s a long time to wait for help. And despite the lengthy wait time, Platt says there’s still no solution — AWS is monitoring his account for 24 hours, after which, the case will be sent to the billing department for review, which he believes can take several days. A quick fix, it ain’t.

Amazon finally called after 27 hrs, no doubt thanks to the attention this got.

The agent was kind, but AWS' processes means I must wait another 24hrs of 'monitoring' before the case is sent to billing 'for review', which can take days

Knowing I'm not alone really helps, thanks

— Jonny Platt (@jonnyplatt) December 14, 2021

If you’re an AWS customer, this whole saga should serve as a reminder to check your settings and ensure your account is secure. And it doesn’t hurt to keep an eye on your bank balance for any suspicious outgoings. As cryptocurrencies continue to grow — and GPU makers release more graphics cards aimed at miners — this kind of scam could become all too common.

Editors' Recommendations

Topics
Alex Blake
Alex Blake
Computing Writer
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
Memorial Day sales knock $230 off the Surface Pro 7+ with Type Cover
The Microsoft Surface Pro 7+ in laptop form, on a desk.

With so many great deals on Memorial Day, it's the perfect time to pick up a Microsoft Surface Pro laptop. Not only is it great for general business and school use for productivity, but it's also powerful enough that folks have used it for editing work like music production. As such, it's no surprise that we've put it on both our best tablet deals and best laptop deals lists for its versatility and powerful specifications under the hood. Even slightly older versions, such as the Microsoft Surface Pro 7+, are still relatively powerful, and you can get quite a good deal on them since they're not newly released.

During the current Memorial Day sales, you can grab a Surface Pro 7+ with a typing cover for just $700 at Best Buy, rather than the usual $930 it goes for, a significant $230 discount. That's a great deal for a device with a relatively modern and entry-level desktop CPU, a good amount of RAM, and one of the best touchscreen experiences on the market. It's also quite solidly built and not too heavy, so if you prefer a more handheld and tablet-like experience, a Surface Pro is the way to go.

Read more
This deal saves you over $500 on an RTX 3060 gaming laptop
A top down look at the new ROG Zephyrus G14.

If you're going to make an investment in gaming laptop deals, you'll want to get a machine like the Asus ROG Zephyrus G15, especially now that it's on sale from Best Buy with a $520 discount. From its original price of $1,620, you can get it for $1,100, which is still expensive but rest assured that you'll be getting your money's worth with its performance. You'll have to complete your purchase quickly though, because the offer may no longer be available tomorrow.

Why you should buy the Asus ROG Zephyrus G15 gaming laptop
Our roundup of the best gaming laptops gives multiple spots to devices from the Asus ROG brand, so you know that you'll be getting a top-quality product when you purchase the Asus ROG Zephyrus G15. It's got what it takes to run the best PC games at their highest settings with its AMD Ryzen 9 6900HS processor and Nvidia GeForce RTX 3060 graphics card, plus 16GB of RAM that's enough for the vast majority of gamers, according to our guide on how much RAM do you need. If you find yourself immersed in whatever you're playing, don't worry because the ROG Intelligent Cooling system will prevent overheating.

Read more
Save over $100 on this SanDisk rugged 2TB external SSD
SanDisk Extreme Portable SSD sitting next to keys.

Whether it's important files for work or memorable photos and videos of your personal life, you'll want to keep them in a durable storage device like the SanDisk Extreme Portable SSD. If you don't own an external SSD like this one yet, here's your chance to buy it for nearly half its original price as the 2TB model is on sale from Best Buy for $122 instead of $225, for savings of $103. You shouldn't waste time thinking about it as the deal may disappear at any moment, after which we're not sure when it will return.

Why you should buy the SanDisk Extreme Portable SSD 2TB
The SanDisk Extreme Portable SSD is a rugged external SSD that's built to protect all kinds of digital files. It's the SanDisk Extreme Pro with data transfer speeds of up to 2,000 MBps that's featured in our roundup of the best external hard drives as the best portable external hard drive, but the SanDisk Extreme is practically the same portable SSD, albeit with read speeds of up to 1,050 MBps and write speeds of up to 1,000 MBps. The speed difference is an acceptable trade-off for the lower price of the SanDisk Extreme, though it will still be pretty quick for most people since SSDs can process data faster than HDDs, according to our guide on how to buy an external hard drive.

Read more