Crypto Scammer Hacks an Amazon Account, Leaving a $45,000 Bill to the Victim

An Amazon hacker was busy crypto mining using someone else’s account, and by the time the owner realized what was going on, the thief had left a $45,000 charge.

This month, Jonny Platt, the creator of SEO Scout, received the most unwanted Christmas present. Platt awoke one morning to discover that their Amazon Web Services, or AWS, account had been compromised.

The hacker had been mining the Monero cryptocurrency for several weeks, according to Twitter. The crypto fraudster demanded $45,000 from Platt.

Crypto Scammer Hacks an Amazon Account, Leaving a $45,000 Bill to the Victim  - 24HTECH.ASIA

The hack was straightforward because it simply required the installation of a mining script that ran on AWS Lambda’s infrastructure. It would install itself in a different Lambda instance every three minutes and mine for 15 minutes at a time, the maximum allowed on Lambda.

This enabled the hacker to launch many Lambda instances at the same time, allowing them to maximize their cryptocurrency harvesting.

For a moment, you may believe that the crypto harvest would benefit Platt, but that wasn’t the case because the scammer’s efforts, combined with the hefty expense the victim had to confront, only resulted in the issuance of six XMR, which refers to the code for Monero coins. The entire monetary worth was roughly $800.

For an investment that has risen to up to $45,000, a $800 return is not acceptable. Using someone else’s identification to pay the bill, on the other hand, will automatically remove the burden off your shoulders.

Amazon’s Lack of Priority

Platt was concerned that Amazon should have spotted the scam because the mining software was merely a plain text file that was not encrypted. AWS was forced to scan the lines of code, which is highly likely to have already existed in previous scamming situations.

Platt even included an example of ‘xmrig’ to elicit suspicion and suspend the hacker’s script. Amazon, on the other hand, turned a blind eye.

After everything that happened, it took Amazon more than a day to respond to Platt’s complaint. With Platt’s monthly AWS spending increasing by an estimated 150,000 percent, the response time provided by Amazon was lengthy.

Worse, AWS did not provide a solution. Amazon was still monitoring his account for a day before sending the case to the billing department for a thorough review. All of this, according to Platt, will take several days, and there will be no quick remedy.

This article is merely one of a few incidents of crypto mining frauds, so if you don’t want to end up like Platt. This is a reminder to check your AWS account on a regular basis and keep a watch on your money balance for any unusual activity. It’s never a bad idea to have extra security.