Why did I receive an Amazon GuardDuty CryptoCurrency finding type for my Amazon EC2 instance?
Last updated: 2020-12-09
Amazon GuardDuty detected a CryptoCurrency finding with my Amazon Elastic Compute Cloud (Amazon EC2) instance.
The GuardDuty CryptoCurrency:EC2 finding type indicates that an Amazon EC2 instance is querying a domain name or IP address that is associated with cryptocurrency-related activity such as Bitcoin mining. If you don't expect this behavior, it might be a result of unauthorized activity on your account.
For more information, see CryptoCurrency:EC2/BitcoinTool.B!DNS.
Follow the instructions to identify and stop unauthorized activity for the EC2 instance.
For more information, see How Amazon GuardDuty uses its data sources.