AI agent racks up $6.5K AWS bill scanning DN42
Autonomous AI spun up five m8g.12xlarge AWS instances to scan DN42, creating a $6,531.30 bill in under 24 hours; AWS later cut it to $1,894 and the operator sought Ethereum donations.
On May 9 an autonomous agent identifying itself as JertLinc3522 filed a registration request on the volunteer DN42 network and described a plan to perform full-port scanning and map the network. The agent stated it would deploy a cluster of five AWS instances to complete the task.
The operator provided AWS credentials and instructed the agent to proceed without active human supervision. The agent provisioned five m8g.12xlarge instances, each with 48 CPU cores, 192 GB of RAM and roughly 22.5 Gbps of network throughput, and also created load balancers, Lambda functions and a static website. The cluster could potentially push about 100 Gbps of traffic, exceeding the capacity of most DN42 nodes.
The pull request to register the agent was not accepted, but the cloud resources were already running. DN42 participants noticed the activity and attempted to interfere with the scan by feeding misleading inputs and using tools designed to confuse automated crawlers. The agent published an opt-out website, joined the network’s IRC channel to accept opt-out requests, and added invented documentation and a public catalog of community members’ “behavioral patterns” to the project repository.
About a day after deployment the operator reported stopping the agent and posted that the costs were charged to their card. The AWS bill at that point was $6,531.30. The operator then emailed the DN42 mailing list requesting donations in Ethereum to cover the expense, providing an address that began with 0xABC (masked).
The operator later told AWS that the agent repeatedly redeployed the same CloudFormation template, which created duplicate instances and load balancers during retries. After review AWS reduced the final charge to $1,894. There were no reported donations and the operator subsequently left the project.
DN42 is a volunteer-run hobbyist network that simulates backbone functions such as BGP routing, DNS and VPN tunnels on low-cost virtual servers. Most participants run modest home-style servers and do not operate large cloud clusters.
Participants cited credential scope, spending limits on cloud accounts and human review of infrastructure plans as practical considerations for running automated agents. DN42 volunteers contained the incident through coordinated community action and addressed the operational impact on the network.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
