Gemini API key thief racks up $82,314 in charges in just two days, victim ‘facing bankruptcy’ — affected devs call for basic guardrails against ‘catastrophic us



A Google Gemini user has taken to Reddit “in a state of shock and panic.” The issue is the most recent bill received by their software development business. Redditor RatonVaquero’s typical monthly spend on Gemini AI services is $180. However, in just 48 hours last month, their account “generated $82,314.44 in charges.” A thief had been using the account to generate huge volumes of Gemini 3 Pro image and text output. If Google doesn’t back down on these fees, which the Redditor attributes to a “stolen Gemini API key,” it will bankrupt the company.

Tragically, locking the door after the horse has bolted, RatonVaquero has now “Deleted the compromised key, Disabled Gemini APIs, Rotated credentials, Enabled 2FA everywhere, Locked down IAM, [and] Opened a support case.” On the latter point, initial feedback from a Google rep they contacted indicates that the charges will probably stick.

From the Redditor’s discussion of their correspondence with Google so far, it looks like the “don’t be evil” company is going to repeatedly cite its ‘Shared Responsibility Model’ for cloud services accounts. I’ve had a quick look at the referenced legal word salad, and I’d guess Google is leaning on the part of its agreement that asks customers to have an authentication system, access policy, and network security in place to protect their API keys, among other things.


Interestingly, though, several Redditors also note that the stolen API key(s) may have been exposed and there for the taking in the first place, and argue that it is Google’s fault for changing its rules on whether Gemini API keys need to be kept secret.

Arguing for some ‘mercy,’ RatonVaquero, one of three devs at the affected Mexican development firm, complains that Google doesn’t have “basic guardrails for catastrophic usage anomalies.” The contrast in usage, from a usual $180 per month to $82,000+ in 48 hours, does indeed look like an extreme spike. RatonVaquero also says that there should be features like temporarily freezing services until review and the implementation of per-API spending caps.

A look into this overcharging issue indicates that personal/consumer Gemini customers can’t accidentally spend more than their flat monthly fee; instead, they have usage caps. Moving up to dev/business Google AI Studio users, they can set quotas (limiting the number of requests per day or per minute), which bound request volume rather than dollars spent. Meanwhile, Google Cloud (Vertex AI) users can set budget alerts to notify them when they reach a certain dollar amount, but a budget alert is a notification only: it does not stop the spending by itself, so a key abused overnight can still run up a large bill before anyone reads the email.
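The guardrail the affected developer asks for (a per-key spending cap plus a freeze when usage spikes far above baseline) is not something the article says Google offers, so the following is an added example of how a team could implement it themselves on top of their own usage data. It is illustrative code written for this page, not Google’s or the Redditor’s; the usage-record layout (`UsageEvent` with a key identifier and a cost in USD) and the 30-day baseline are assumptions, and the sample events are constructed to mimic the story: roughly $6 a day (about $180 a month) followed by one burst day.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median


# Constructed usage record, one row per billable API call. This layout is an
# assumption for the example, not Google's billing-export schema.
@dataclass(frozen=True)
class UsageEvent:
    ts: datetime
    api_key_id: str   # an identifier for the key, never the secret itself
    cost_usd: float


@dataclass
class Decision:
    frozen: bool
    reason: str
    daily_spend: float
    baseline_daily: float


def daily_totals(events, key_id):
    """Sum spend per calendar day for one key."""
    totals = {}
    for e in events:
        if e.api_key_id != key_id:
            continue
        day = e.ts.date()
        totals[day] = totals.get(day, 0.0) + e.cost_usd
    return totals


def evaluate_key(events, key_id, now, hard_cap_usd, spike_factor=10.0, baseline_days=30):
    """Guardrail check for a single key as of 'now'.

    Either trigger freezes the key:
      1. hard per-key cap: today's spend exceeds hard_cap_usd
      2. anomaly: today's spend exceeds spike_factor x the median daily spend
         over the preceding baseline_days (days with no traffic are ignored,
         so a quiet weekend does not drag the baseline to zero)
    """
    totals = daily_totals(events, key_id)
    today = now.date()
    today_spend = totals.get(today, 0.0)
    window_start = today - timedelta(days=baseline_days)
    history = [v for d, v in totals.items() if window_start <= d < today]
    baseline = median(history) if history else 0.0

    if today_spend > hard_cap_usd:
        return Decision(True, f"hard cap {hard_cap_usd:.2f} USD exceeded", today_spend, baseline)
    if baseline > 0 and today_spend > spike_factor * baseline:
        return Decision(True, f"spend is {today_spend / baseline:.0f}x baseline", today_spend, baseline)
    return Decision(False, "within limits", today_spend, baseline)


def build_sample_events():
    """Constructed sample: 12 calls at $0.50 per day for 30 days (about $180/month),
    then one burst day of 1200 calls at $1.25 from a single key."""
    start = datetime(2026, 1, 1)
    events = []
    for day in range(30):
        for call in range(12):
            events.append(UsageEvent(start + timedelta(days=day, hours=call), "key-prod-01", 0.50))
    burst_day = start + timedelta(days=30)
    for i in range(1200):
        events.append(UsageEvent(burst_day + timedelta(minutes=i), "key-prod-01", 1.25))
    return events


def check_sample(day_index, hard_cap_usd=500.0):
    """Run the guardrail over the constructed sample at the end of day_index
    (0-based from 2026-01-01). Day 29 is a normal day; day 30 is the burst."""
    events = build_sample_events()
    now = datetime(2026, 1, 1) + timedelta(days=day_index, hours=23)
    return evaluate_key(events, "key-prod-01", now, hard_cap_usd)


if __name__ == "__main__":
    for day in (29, 30):
        d = check_sample(day)
        print(f"day {day}: frozen={d.frozen} spend={d.daily_spend:.2f} "
              f"baseline={d.baseline_daily:.2f} ({d.reason})")
```

On the normal day the check passes; on the burst day the key is frozen by the hard cap, and with the cap raised the anomaly rule still catches it as roughly 250x baseline. In a real deployment the events would come from the provider’s billing export or request logs, the check would run on a schedule measured in minutes rather than once a day, and the “freeze” would be an actual call to disable or delete the key, which is the step that turns an alert into a spending limit.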

RatonVaquero says they will talk again with a Google rep soon, and have filed a cybercrime report with the FBI. Now they are basically hoping for a softening of big G’s stance. They may be able to share the logs of their unusual “455x spike” in usage, and ask for “goodwill credits” as victims of a cybersecurity incident. It is Kafkaesque, but usually a bit of stubborn persistence can help get your case seen by the right people for a more favorable outcome.

