March 3, 2026
Key theft, cash burn
Stolen Gemini API key racks up $82,000 in 48 hours
One leaked key, $82k bill—users rage at Google’s no-cap policy while memes roast the mess
TLDR: A stolen Google Cloud key triggered $82,314 in Gemini AI charges in 48 hours. Commenters slammed the lack of hard spending caps, debated Google’s key policies, and mocked the blog’s AI-written vibe—all agreeing that alerts, quotas, and locked-down keys are survival gear for anyone using cloud AI.
A founder says a stolen Google Cloud API key burned through $82,314 in Gemini AI charges in just 48 hours—his usual monthly bill was $180—and Reddit erupted. The loudest chorus: why doesn’t Google Cloud have a hard spending cap? One user sighed, “Is there a way to limit spending… only alerts, no hard limit,” as panicked devs clutched their wallets. Memes flew: “Gemini speedrun: bankrupt%,” and “API keys are just gift cards for hackers.”
Then the blame game arrived. Several pointed to a HN thread claiming Google changed how keys are treated—once not secret, now suddenly secret—with some insisting the victim has “a good case.” Others side-eyed the site itself: “the blog is written by an AI,” one commenter sniffed, accusing it of self‑promo more than PSA—even as the PSA hit hard. The practical crowd grilled logistics: “How do you even spend $82k in 48 hours?” Cue visions of bot farms, resellers, and prompt spammers brute-forcing queries. The only consensus? Set alerts, set quotas, lock down keys, and don’t leave your wallet tied to a runaway robot. And yes, triple-check those billing caps—if you can find them on Google Cloud.
Key Points
- A stolen Google Cloud API key led to $82,314 in Gemini charges within 48 hours.
- The affected account’s normal monthly spend was about $180.
- The article serves as a warning about financial risk from compromised API credentials.
- Primary recommendation: enable billing caps and alerts on cloud API keys.
- An original Reddit post in r/googlecloud is linked as the source for the incident details.