‘Crypto mining can be a lucrative post-compromise activity in cloud environments’: Experts warn AI gateways connected to Amazon Bedrock are being hijacked to steal cryptocurrencies



  • Darktrace reports cryptojacking via a compromised AI gateway (LiteLLM‑Proxy on AWS Bedrock), breached via exposed SSH, and abused with XMRig mining
  • The attackers also displayed suspicious IAM activity, hinting at possible misuse of cloud credentials, with connections traced back to Vietnam.
  • Experts warn that AI gateways concentrate privileged access, urging strict port closures, least-privileged roles, and control plane monitoring to reduce the blast radius.

If you’re using AI gateways as part of your tech stack, be careful: They’re being exploited in cryptojacking attacks, experts warned.

Cybersecurity researchers Darktrace have published a new report about a cloud-hosted AI gateway, connected to Amazon Bedrock, that was compromised and used for cryptocurrency mining.

Leave a Comment

Your email address will not be published. Required fields are marked *