Why did I receive an Amazon GuardDuty CryptoCurrency finding type for my Amazon EC2 instance?

Last updated: 2020-03-24

Amazon GuardDuty detected a CryptoCurrency finding with my Amazon Elastic Compute (Amazon EC2) instance.

Short Description

The GuardDuty CryptoCurrency:EC2 finding type indicates that an Amazon EC2 instance is querying a domain name or IP address that is associated with cryptocurrency-related activity such as Bitcoin mining. If this behavior isn't expected, your Amazon EC2 instance might be compromised.

For additional information, see CryptoCurrency Finding Types.


Follow the instructions for remediating a compromised EC2 instance.

For additional information, see How Amazon GuardDuty Uses Its Data Sources.