Why did I receive an Amazon GuardDuty CryptoCurrency finding type for my Amazon EC2 instance?
Last updated: 2020-12-09
Amazon GuardDuty detected a CryptoCurrency finding with my Amazon Elastic Compute Cloud (Amazon EC2) instance.
Short description
The GuardDuty CryptoCurrency:EC2 finding type indicates that an Amazon EC2 instance is querying a domain name or IP address that is associated with cryptocurrency-related activity such as Bitcoin mining. If you don't expect this behavior, it might be a result of unauthorized activity on your account.
For more information, see CryptoCurrency:EC2/BitcoinTool.B!DNS.
Resolution
Follow the instructions to identify and stop unauthorized activity for the EC2 instance.
For more information, see How Amazon GuardDuty uses its data sources.
Related information
Did this article help?
Do you need billing or technical support?