Why did I receive an Amazon GuardDuty CryptoCurrency finding type for my Amazon EC2 instance?

Last updated: 2020-12-09

Amazon GuardDuty detected a CryptoCurrency finding with my Amazon Elastic Compute Cloud (Amazon EC2) instance.

Short description

The GuardDuty CryptoCurrency:EC2 finding type indicates that an Amazon EC2 instance is querying a domain name or IP address that is associated with cryptocurrency-related activity such as Bitcoin mining. If you don't expect this behavior, it might be a result of unauthorized activity on your account.

For more information, see CryptoCurrency:EC2/BitcoinTool.B!DNS.

Resolution