Bitcoin mining? – Had to close my AWS account (nvenky.in)
35 points by nvenky on March 29, 2014 | 21 comments

While I really feel badly for the person this happened to, I think we should stop expecting Amazon to foot the bill for these kinds of things. If I buy a new car and then leave the key sitting on the hood, I don't ask the car dealer to reimburse me when it gets stolen. Let's remember that Amazon is being incredibly generous by reimbursing users for these problems, but they should certainly not be expected to do so.

Exactly. The tl;dr; version seems to be:

"I stupidly uploaded my private Amazon keys to a public website and somebody used them and ran up a huge bill. It must be somebody else's fault, not mine"

Boo-fuckin-Hoo! —was there something put into the water supply about 10 years ago that removed the entire human race's ability to take responsibility for their own actions?

That is why AWS has billing alerts that will send you an email or text if you reach a predefined spending threshold. I had some trouble finding them at first on their website, so maybe they should be more visible.

The cool thing with Amazon is that they definitely pay attention to your opinion as a consumer. A few months ago, I sent an email to Jeff Bezos to complain about the Amazon Locker interface that I found cumbersome - it used to show you all lockers including the full ones and there was no way to see which ones you can actually deliver to - and his assistant answered and let me know that my message was forwarded to the appropriate team. They changed the interface a few weeks later. Maybe the author of this post should do the same.

> Bitcoin mining? – Had to close my AWS account

> I had to close my AWS account to stop further charges and sent an email to the support team and hoping that they would consider that my account was compromised. I am guessing it is bitcoin mining incident again.

1. Unconfirmed that it was Bitcoin mining

2. Chose to close AWS account

I've spent a large amount of time fending off bitcoin miners from abusing my site https://cloud.sagemath.com. I like the mathematics and promise of bitcoin, but in practice it is an enormous waste of resources (time, electricity, etc.).

How does the abuse on your site happen?

Probably from people wanting to take advantage of free computing power. From their website: Write, compile, and run code in most programming languages ... is a free service ... currently 288 cores, 1.2TB RAM

Amazon support is pretty good so you might be in luck and not get billed, especially since you caught it quick. I am sure you aren't the only person who was compromised like this.

Had to close the account? I thought it was pretty trivial to nuke your old keys and generate new ones on AWS.

It was my personal account which I was using for learning AWS. I did not have any apps running on that account. I initially deleted the keys and started terminating the instances. It was too exhausting to go through every region and terminate everything. So I ended up closing the account.

I also saw this in the wild today on a friend's AWS account. Same instance size. Spot at $2. Just one instance fortunately.

The security group permitted SSH from three /24 netblocks.

I'm surprised that it was large instances instead of GPU instances. GPU would be much more profitable if you are mining a scrypt coin (or sha256 coin but that would be stupid because of ASICs).

Maybe it was some other type of coin (I'm not sure if primecoin is more CPU-friendly).

Note that the author is only assuming that bitcoin/altcoin mining was the intended goal of the attack.

Ouch. I'm sure Amazon will help him out. 300/day is an expensive lesson to learn.

I hope so :) AWS was quick to send me the alert about unauthorised activity in my account

You drive in a city at night and see all these office floors fully lit, and you wonder how many employees are having their office computers on mining bitcoins?

What would be the current payout in Bitcoins for $300 per day approximately?

Mining a popular coin that doesn't have ASICs yet ... maybe $5/day, very rough estimate.

Even if it's a cent, who cares? This is just money laundering.

I don't think it's exactly money laundering.

It's like all theft. At low enough risk, the thief doesn't care what percentage of the value (of the $ charged) they recover. In this case, they are running very large CPU (not GPU) instances on someone else's dollar, not caring about the inefficiency of it because it can be automated and is difficult if not impossible to trace.

I was making a net profit for a while mining some scrypt-based coins on AWS.

