Stolen Gemini API Key Generates $82,000 in Charges Within 48 Hours

Summary

A security incident involving a compromised Google Cloud API key resulted in $82,314 in charges for Gemini API usage over just 48 hours, according to a case documented on LLMHorrors by developer Andras Bacsai. The victim's normal monthly spend was approximately $180, making this unexpected charge more than 450 times their typical usage. The incident highlights a critical vulnerability in how developers manage cloud API credentials and the catastrophic financial consequences that can occur when keys are exposed without proper spending limits.

The case underscores the importance of implementing billing caps and alerts on all cloud API keys, particularly for large language model services where usage costs can scale rapidly. Without spending limits, a single compromised key can generate charges that accumulate faster than users can detect and respond to the breach. The 48-hour timeframe suggests the attacker likely used automated scripts to maximize API usage before the key could be revoked.

This incident joins a growing number of similar cases documented on LLMHorrors, a community resource tracking costly mistakes and security incidents related to large language model deployments. As LLM APIs become more powerful and widely adopted, the potential for financial damage from compromised credentials continues to increase, making proper security hygiene and spending controls essential for any organization using these services.

• The case highlights broader security risks as LLM API usage grows, with automated abuse of stolen keys becoming an increasingly costly attack vector