Gemini API key thief racks up $82,314 in charges in just two days, victim 'facing bankruptcy' — affected devs call for basic guardrails against 'catastrophic usage anomalies'

Published: March 4, 2026 at 06:00 AM EST

Source: Tom’s Hardware

Google Gemini
Image credit: Google Gemini

Incident Overview

A Google Gemini user reported on Reddit that their development business, which normally spends about $180 per month on Gemini AI services, was hit with $82,314.44 in charges over a 48‑hour period after a stolen Gemini API key was used to generate large volumes of Gemini 3 Pro images and text. The user, known as RatonVaquero, deleted the compromised key, disabled the Gemini APIs, rotated credentials, enabled two‑factor authentication, locked down IAM, and opened a support case with Google. Initial feedback from a Google representative suggests the charges are likely to remain.

Contributing Factors

  • Some Redditors argue that the API key may have been exposed due to recent changes in Google’s API key secrecy rules, which could have made the key easier to discover.
  • The victim’s company lacks “basic guardrails for catastrophic usage anomalies,” such as automatic service freezes or per‑API spending caps.

Existing Google Guardrails

  • Personal/Consumer Gemini customers are protected by flat monthly fees and usage caps.
  • Developer/Business Google AI Studio users can configure Quotas to limit the number of requests per day or per minute.
  • Google Cloud (Vertex AI) users can set Budget Alerts to receive notifications when spending reaches a predefined dollar amount.

Desired Safeguards

RatonVaquero and other developers are calling for additional protections, including:

  1. Temporary service freezes triggered by abnormal usage spikes, pending manual review.
  2. Per‑API spending caps that automatically stop further charges once a threshold is reached.
  3. More transparent budget and usage monitoring tools integrated directly into the Gemini console.
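To make the first two requested safeguards concrete, here is an added example (not code from the article, from Google, or from the affected developer) of a per-API spend guardrail that freezes a key on an hourly spend spike or once a cumulative cap is reached, something today's Google Cloud budget alerts do not do on their own. The class and function names, the 20x spike factor, the cap values and the hourly cost stream are all constructed for illustration, loosely scaled from the article's $180/month baseline and $82,314.44 over 48 hours.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class SpendGuardrail:
    """Hypothetical per-API guardrail: freeze the key on an hourly spend spike relative
    to baseline, or once a hard spending cap is reached (Google only offers alerts)."""
    baseline_monthly_usd: float    # normal spend; the article's business ran ~$180/month
    spike_factor: float = 20.0     # assumed: freeze if one hour costs > 20x the baseline hourly rate
    hard_cap_usd: float = 1000.0   # assumed per-API cap on cumulative spend
    spent_usd: float = 0.0
    frozen_reason: Optional[str] = None

    @property
    def baseline_hourly_usd(self) -> float:
        return self.baseline_monthly_usd / (30 * 24)

    def record_hour(self, cost_usd: float) -> bool:
        """Ingest one hour of billing-export cost; return True if the key should be frozen."""
        if self.frozen_reason is not None:
            return True                    # already frozen: nothing further is accepted
        self.spent_usd += cost_usd
        ratio = cost_usd / self.baseline_hourly_usd
        if ratio > self.spike_factor:
            self.frozen_reason = f"hourly spend ${cost_usd:.2f} is {ratio:.0f}x baseline; freeze pending review"
        elif self.spent_usd >= self.hard_cap_usd:
            self.frozen_reason = f"cumulative spend ${self.spent_usd:.2f} reached cap ${self.hard_cap_usd:.2f}"
        return self.frozen_reason is not None

def run_until_freeze(hourly_costs: list[float], guard: Optional[SpendGuardrail]) -> dict:
    """Replay hourly costs. With no guardrail every hour is billed (the article's outcome);
    with one, billing stops at the hour the freeze fires."""
    if guard is None:
        return {"frozen_at_hour": None, "total_usd": round(sum(hourly_costs), 2), "reason": None}
    for hour, cost in enumerate(hourly_costs):
        if guard.record_hour(cost):
            return {"frozen_at_hour": hour, "total_usd": round(guard.spent_usd, 2),
                    "reason": guard.frozen_reason}
    return {"frozen_at_hour": None, "total_usd": round(guard.spent_usd, 2), "reason": None}

# Constructed stream: 6 quiet hours at the normal rate, then 48 hours of a stolen key running
# flat out. Illustrative figures scaled from the article, not real billing data.
NORMAL_HOUR_USD = 0.25          # ~$180 / (30 days * 24 h)
STOLEN_KEY_HOUR_USD = 1714.88   # ~$82,314 / 48 h
HOURLY_COSTS = [NORMAL_HOUR_USD] * 6 + [STOLEN_KEY_HOUR_USD] * 48
if __name__ == "__main__":
    print("no guardrail:", run_until_freeze(HOURLY_COSTS, None))
    print("spike freeze:", run_until_freeze(HOURLY_COSTS, SpendGuardrail(180.0)))
    print("cap only    :", run_until_freeze(HOURLY_COSTS, SpendGuardrail(180.0, 1e9, 5000.0)))
```

With the spike rule the key is frozen in the first abusive hour at roughly $1,716 of spend; with only a $5,000 cap it runs three abusive hours; with neither, the full 48 hours are billed.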

Next Steps

  • The affected developer has filed a cybercrime report with the FBI.
  • They plan to share detailed logs of the 455× usage spike with Google in hopes of receiving goodwill credits.
  • Ongoing communication with a Google representative is expected to determine whether any remediation or credit can be applied.

