Technology 5 min read

How Hackers Used Amazon Web Services to Mine Bitcoin

Sundry Photography /

Sundry Photography /

Hackers just found an easy way to mine Bitcoins: by hijacking the Amazon Web Services computing resources.

Last week, the cloud-based computing network of Amazon, Amazon Web Services (AWS), was reported to have been breached by unknown hackers. The hacking incident was confirmed by the security intelligence group RedLock, a California-based cloud threat defense company that monitors not just AWS, but Microsoft Azure and Google Cloud Platform as well.

Because Bitcoins can help prop up startups and cutting-edge tech projects via an ICO (or initial coin offering, learn more here), each time cryptocurrencies are exploited the entire tech startup world holds its breath.

A report released by the security firm outlined how some administrative consoles of AWS, Azure, and Google cloud were not password protected, potentially exposing them to any cyber attack. The report also revealed how the AWS computing resources had been exploited to mine Bitcoins. RedLock also named two companies impacted by the breach. A part of the report read:

“The RedLock CSI team recently exposed hackers that were using organizations’ AWS computing resources to mine Bitcoins. The impacted organizations included large multinational corporations such as Aviva and Gemalto.”

RedLock also pointed out that the attacks came at a time when nation-state hackers are stealing Bitcoins.

“Given the concerns around nation-state hackers stealing bitcoins to fund political campaigns, it is important to deconstruct the kill chain of this attack and proactively implement measures to defend against advanced cloud threats.

It should be remembered that last month, South Korean authorities confirmed that North Korean hackers are targeting Bitcoin exchanges in the country to steal digital currency for the regime.

#AmazonWebServices was reportedly used by hackers to mine #Bitcoin! #HackingClick To Tweet

How Hackers Infiltrated Amazon Web Services

According to RedLock, they started investigating potential breaches in Amazon Web Services, Microsoft Azure, and Google cloud security when they discovered that a number of Kubernetes administrative consoles deployed on the three cloud platforms were not password protected.

Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.

Kubernetes Architecture
Kubernetes Architecture | The New Stack |

RedLock further emphasized that the security lapses on the said consoles created a window of opportunity for hackers, citing the possibility of misconfiguration exposure should configuration monitoring solution be put in place.

A more in-depthanalysis of the situation led the RedLock CSI team to the discovery of a Bitcoin mining command used by hackers from one of the Kubernetes containers, successfully turning it into a parasitic bot.

“Upon deeper analysis, the team discovered that hackers were executing a Bitcoin mining command from one of the Kubernetes containers. The instance had effectively been turned into a parasitic bot that was performing nefarious activity over the internet. This highlights the need for effective network monitoring solutions in public cloud computing environments to detect suspicious activity.” ~ RedLock

If the discovery of the said security breach was not enough, the team also found access keys and secret tokens in plaintext within the unprotected Kubernetes instances. Apparently, this could allow hackers to access critical infrastructures and cause significant damage. The team went on to say:

“It is imperative to monitor public cloud computing environments to detect suspicious user activities.”

RedLock deemed the breach as proof that today’s cloud security needs a more holistic approach. “A combination of configuration, user activity, and network activity monitoring is necessary to detect these complex threats in public cloud computing environments.”

Implanting Tools to Mine Bitcoins

The hacking of the Amazon Web Services to mine Bitcoin is not the first incident of bitcoin miners implanting tools on unsuspecting victims for their mining activities.

Showtime Anytime, an Android app available at no extra cost as part of Showtime, and the infamous file-sharing site The Pirate Bay were reported last month running a crypto mining Javascript called CoinHive to mine Monero.

CoinHive Javascript miner used by The Pirate Bay
CoinHive Javascript miner used by The Pirate Bay | TorrentFreak |

It appears that utilizing website visitors’ CPU power to mine cryptocurrency would be an alternative solution being considered by the two websites to replace advertisements. Another popular script being used by hackers to mine Bitcoins is the JSECoin.

According to Bank InnovationKaspersky Lab and Bleeping Computer both reported that 1.65 million computers were infected with cryptocurrency mining malware during the first nine months of this year. Another report from Adguard also suggested that “2.2% of the top 100,000 on the Alexa list” host malware designed to mine cryptocurrency using a user’s PC.

Should governments impose stricter measures to regulate Bitcoin mining? Or should cloud computing services such as the Amazon Web Services be also held liable for any breach made through their platforms? Let us know your thoughts in the comment section below?

First AI Web Content Optimization Platform Just for Writers

Found this article interesting?

Let Chelle Fuertes know how much you appreciate this article by clicking the heart icon and by sharing this article on social media.

Profile Image

Chelle Fuertes

Chelle is the Product Management Lead at INK. She's an experienced SEO professional as well as UX researcher and designer. She enjoys traveling and spending time anywhere near the sea with her family and friends.

Comments (0)
Most Recent most recent
share Scroll to top

Link Copied Successfully

Sign in

Sign in to access your personalized homepage, follow authors and topics you love, and clap for stories that matter to you.

Sign in with Google Sign in with Facebook

By using our site you agree to our privacy policy.