Google Cloud developers going bankrupt over Gemini API key abuse: hard spending caps now available


Developers and startup founders on social media are sharing stories of being hit with devastating Google Cloud charges totaling tens of thousands of dollars due to unauthorized Gemini API usage.

Forgotten dead projects and legacy Google Maps or Firebase keys are suddenly turning into massive unexpected charges on Google Cloud.

Developers are seeking help on Google’s “Build with Google AI Forum,” where some complaints mention staggering, unexpected sums like $67,000 in 19 hours or €54,000 ($63,400) in 13 hours.


The Google Cloud subreddit has turned into a bottomless pit of people wailing over massive cost overruns and spending caps that don’t cap spending.

And the cited sums are devastating. Here are just a few of the headlines posted over the past months:

  • Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud.
  • 80,000 NOK ($7,500) drained from my Google Cloud account in 5 minutes – full forensic breakdown of how the attack worked.
  • Charged $10,138 in March 2026 due to Google’s documented Gemini API key vulnerability – support closed my case twice, saying “no fraud found.”
  • WARNING: Google Cloud/Gemini API “Spend Caps” do NOT work in real-time ($1,800 charged on a $100 cap).
  • Google Cloud detected $975 of API key fraud on my account, sent one email at 11 p.m., then let the bill grow to $18,596 – 5 support agents have refused to help.
  • $10 budget alert – hijacked Gemini API Key billed $1,300 in a few minutes.

Until very recently, Google Cloud offered no hard spending caps, and its fraud detection tools, while capable of flagging suspicious activity, do not take automated action to stop the abuse.

“There are no restrictions around any of the services set by default, but everything's dual responsibility. So when anything happens, it's up to the consumer to foot the bill,” one of the angry users said.

Cost overruns are so prevalent that some users suggested creating a separate subreddit just for that.

“I miss the times when this subreddit was full of thoughtful questions and architectural discussions. Nowadays, my timeline is full of people complaining about stolen keys and cost overruns,” one of the cloud enthusiasts posted.

Cybernews hasn’t found a single case in which developers successfully recovered their money or had the charges waived. Many users are seeking advice on how to avoid ending up in similar situations.


We have reached out to Google for comment and guidance on how to avoid similar situations, but the company didn’t respond before publishing.

However, it appears that Google has scrambled to roll out enforced spending caps for Gemini API usage.

“These caps alert and ultimately pause API traffic once your set budget is reached, but leave your resources intact,” Google announced on April 22nd, 2026.

The support page now suggests that the smallest spending cap is $250.

What’s going on?

All stories share a similar pattern: the Google Cloud bill suddenly spikes after external abuse of a compromised or leaked Google API key, even if the key was never used for Gemini, and even if Google itself previously said it was fine to have it exposed.

Similar attacks have been running for a while now. Back in March, Cybernews reported on a small developer team facing bankruptcy over an $82,314.44 bill, 457 times their average $180 charge.

Junghyun Choi, Chief Operating Officer at Colavo Ground, a South Korean firm developing a mobile CRM for beauty professionals, described an unrestricted Android API key that Firebase auto-provisioned when the project was created in 2016.

“This key was used continuously and legitimately for our production Android app’s Firebase services for nearly a decade without incident, exactly as Google’s documentation described its intended use at the time,” the post reads.


However, on April 18th, an unexpected coordinated botnet attack began abusing this key to make unauthorized calls to the Gemini API.

It peaked at 931 requests every second. The team immediately restricted the key, but it was too late. Google identified that the project had been compromised, and, at least initially, rejected their billing dispute over the $67,000 charge incurred in 19 hours.

“If this charge is enforced as-is, our startup faces immediate insolvency,” the post author said in a cry for help.

Junghyun noted that Google’s May 2024 auto-restriction policy was never applied to their key, even though it should have been restricted to the Firebase API. Instead, the key later automatically gained permission to call the Gemini API, which the attackers used at scale. The COO shared screenshots showing that the team never used Gemini, and that all usage came from the attackers.


One cybersecurity company warned that this would happen

One security company actually warned that this would happen. In February, Truffle Security discovered that old Google API keys, previously used in other projects as harmless identifiers, overnight became ticking time bombs once they were granted access to the Gemini API.

Thousands of multipurpose Google API keys can be found exposed on websites, code repositories, apps, and elsewhere, and Google itself previously encouraged users to “safely embed them in client code.”

Truffle Security even demonstrated the attack by using Google’s own exposed API keys to hit the Gemini API, and found thousands of API keys belonging to major financial institutions and other companies.

“If the vendor's own engineering teams can't avoid this trap, expecting every developer to navigate it correctly is unrealistic.”


To this day, the Firebase support page states that “API keys for Firebase services are not secret,” but additional warnings now caution developers to ensure they’re appropriately restricted.

“You created a Maps key three years ago and embedded it in your website's source code, exactly as Google instructed,” Truffle Security said previously.

“A developer on your team enabled the Gemini API for an internal prototype. Your public Maps key is now a Gemini credential. Anyone who scrapes it can access your uploaded files, cached content, and rack up your AI bill. Nobody told you.”

That is exactly what’s happening now.

“Not a secret” blowing past budget alerts

A small company in Spain suspects that a legacy API key created in October 2023, for an embedded Google Maps implementation, racked up a €36,800 bill.

A Norwegian customer saw 80,000 NOK ($7,500) drained by hackers who abused a key left in “an old ‘no-code maps’ project from 2017.”


Users report that attackers spread their requests across multiple Gemini models simultaneously to get around per-model rate limits.


“The keys weren't stolen or compromised. They were public-facing keys that Google's own architectural change retroactively granted Gemini access,” another user said, claiming to have been charged $10,138.

One among the many victims, a Firebase developer said they experienced “a sudden and extreme spike in Gemini API usage,” which blew past the €80 budget alert.

“By the time we reacted, costs were already around €28,000. The final amount settled at €54,000+ due to delayed cost reporting,” wrote a user posting under the alias zanbezi.

Google Cloud reportedly classified the charges as valid usage, and the request for a billing adjustment was denied.

However, this post actually got a response from a Google representative, providing useful guidance to new and current Google Cloud users.


Google adds spending caps: protect your keys

Logan Kilpatrick, product lead for Google AI Studio, explained that billing account caps were finally rolled out to Gemini API users, and by default, tier 1 users can spend $250 a month, “and then are cut off by default.”

“There is a 10-minute delay in all of the reporting,” Kilpatrick said.

“We now support project spend caps. If you want to set a customer spend cap, you can also do that. I have my account set at $50, so I don’t spend too much accidentally when building. The same 10-minute delay applies here, too.”


Google is moving to block the use of unrestricted API keys with the Gemini API, and now generates more secure, restricted auth keys by default for new Gemini users.


Moreover, the tech giant is rolling out prepaid billing globally, which means users have to pay ahead of time to use the Gemini API and have more control over their spending.

“You should generally avoid putting a key in client-side code as if it is exposed, even with the restrictions above, you can incur costs,” Kilpatrick warned.

“In many cases, we can automatically detect when a key is visible on the public web and shut down those keys automatically for security reasons.”

Victims of Gemini API abuse have their own advice to share.

“Never put a real API key behind a VITE_ / NEXT_PUBLIC_ / REACT_APP_ prefix. Those prefixes exist specifically to mark values as client-exposed. If the API bills on usage, the key MUST live server-side behind an authenticated proxy,” said a developer of a small personal app who lost 2,200 in unauthorized Gemini API charges.


The attackers, who extracted the key from the app, sent 100,000 requests and generated 300 million tokens; according to the developer, a hard billing cap would have limited the losses to $50.

Truffle Security previously recommended that all developers check each Google Cloud Platform project and each key in it to see whether the key is unrestricted and whether the Generative Language API is enabled. The latter can be found in the GCP console by navigating to APIs & Services > Enabled APIs & Services and looking for the “Generative Language API.”

“If a key with Gemini access is embedded in client-side JavaScript, checked into a public repository, or otherwise exposed on the internet, you have a problem,” the researchers warned.

“If you find an exposed key, rotate it.”
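The check Truffle Security describes can be scripted rather than clicked through. The following is an added example by the editor, not code from Truffle Security, Google or any poster quoted above. It assumes the resource shape returned by Google's API Keys v2 API (a `restrictions.apiTargets` list naming the services a key may call) and the service name `generativelanguage.googleapis.com`; the project inventory is constructed inline so it runs offline. The point it makes is the one the article turns on: a key with an Android or browser-referrer restriction but no API-target restriction can call every API enabled in the project, so enabling Gemini silently turns that key into a Gemini credential.

```python
"""Audit Google Cloud API keys for implicit Gemini access (added example).

Assumptions: keys follow the API Keys v2 resource shape (restrictions.apiTargets),
the Generative Language API is named generativelanguage.googleapis.com, and the
sample inventory below is constructed for illustration.
"""
import json

GEMINI_SERVICE = "generativelanguage.googleapis.com"

# Constructed sample: a project's enabled services, as the Service Usage API lists them.
SAMPLE_ENABLED_SERVICES = json.dumps([
    {"config": {"name": "firebase.googleapis.com"}},
    {"config": {"name": "maps-backend.googleapis.com"}},
    {"config": {"name": GEMINI_SERVICE}},
])

# Constructed sample: three keys in that project.
SAMPLE_KEYS = json.dumps([
    {   # legacy Firebase key: Android application restriction, no API-target restriction
        "name": "projects/123/locations/global/keys/legacy-android",
        "displayName": "Android key (auto created by Firebase)",
        "restrictions": {"androidKeyRestrictions": {"allowedApplications": []}},
    },
    {   # Maps key pinned to the Maps service only
        "name": "projects/123/locations/global/keys/maps-web",
        "displayName": "Maps browser key",
        "restrictions": {
            "browserKeyRestrictions": {"allowedReferrers": ["https://example.com/*"]},
            "apiTargets": [{"service": "maps-backend.googleapis.com"}],
        },
    },
    {   # key explicitly allowed to call Gemini; acceptable only if it never leaves the server
        "name": "projects/123/locations/global/keys/backend-gemini",
        "displayName": "backend",
        "restrictions": {"apiTargets": [{"service": GEMINI_SERVICE}]},
    },
])


def gemini_enabled(enabled_services_json: str) -> bool:
    """True if the Generative Language API is enabled in the project."""
    services = json.loads(enabled_services_json)
    return any(s.get("config", {}).get("name") == GEMINI_SERVICE for s in services)


def key_can_call_gemini(key: dict, gemini_on: bool) -> bool:
    """A key can reach Gemini if the service is enabled and the key either has no
    API-target restriction at all or lists Gemini explicitly. Application
    restrictions (Android package, browser referrer) limit where a key may be
    presented from, not which enabled APIs it may call."""
    if not gemini_on:
        return False
    targets = key.get("restrictions", {}).get("apiTargets")
    if not targets:
        return True
    return any(t.get("service") == GEMINI_SERVICE for t in targets)


def audit(keys_json: str, enabled_services_json: str) -> list:
    """Return one finding per key: whether it is unrestricted and whether it can reach Gemini."""
    gemini_on = gemini_enabled(enabled_services_json)
    findings = []
    for key in json.loads(keys_json):
        targets = key.get("restrictions", {}).get("apiTargets")
        findings.append({
            "key": key["name"].rsplit("/", 1)[-1],
            "unrestricted": not targets,
            "gemini_reachable": key_can_call_gemini(key, gemini_on),
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_KEYS, SAMPLE_ENABLED_SERVICES):
        flag = "!! exposed Gemini credential" if f["gemini_reachable"] and f["unrestricted"] else ""
        print(f"{f['key']:<16} unrestricted={f['unrestricted']!s:<5} gemini={f['gemini_reachable']!s:<5} {flag}")
```

To run it against a real project, feed `audit()` the JSON from `gcloud services api-keys list --format=json` and `gcloud services list --enabled --format=json` (the exact gcloud flags are the editor's assumption about the current CLI, so check `gcloud services api-keys --help` first). Every key flagged `unrestricted=True` with `gemini=True` should be pinned to the services it actually needs (API-target restriction) and rotated if it has ever been shipped in client code.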

Some users suggest implementing your own “circuit breaker”: a script that automatically detaches the billing account from the project as soon as a budget alert fires.
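One way to build that circuit breaker, as an added example by the editor (not code from any of the users quoted, though Google documents the same approach): a Cloud Billing budget publishes notifications to a Pub/Sub topic, and a function subscribed to that topic detaches the billing account once reported spend reaches the budget. The notification fields (`costAmount`, `budgetAmount`, `alertThresholdExceeded`) and the Cloud Billing API v1 `projects.updateBillingInfo` call with an empty `billingAccountName` are documented; the function name, the `DISABLE_AT` cutoff, the `GCP_PROJECT` environment variable and the `FakeProjects` dry-run client are this example's own assumptions. Two caveats the article itself raises: budget data lags real usage by minutes, so this bounds a runaway bill rather than stopping it exactly at the cap, and detaching billing stops every paid service in the project, not only Gemini.

```python
"""Billing circuit breaker for Google Cloud (added example).

Pub/Sub-triggered function that detaches a project's billing account once a
Cloud Billing budget notification reports spend at or above the budget.
Assumptions: documented budget-notification JSON, Cloud Billing API v1,
the project ID in the GCP_PROJECT environment variable.
"""
import base64
import json
import os

# Detach billing once reported spend reaches this fraction of the budget.
# Budgets also notify at lower thresholds (50%, 90%, ...), which must not trigger a cutoff.
DISABLE_AT = 1.0


def parse_budget_message(event: dict) -> dict:
    """Decode the base64 Pub/Sub payload of a Cloud Billing budget notification."""
    msg = json.loads(base64.b64decode(event["data"]).decode("utf-8"))
    for field in ("costAmount", "budgetAmount"):
        if field not in msg:
            raise ValueError(f"budget notification missing {field}")
    return msg


def should_disable(msg: dict, disable_at: float = DISABLE_AT) -> bool:
    """True when reported spend has reached the cutoff fraction of the budget."""
    budget = float(msg["budgetAmount"])
    if budget <= 0:
        return False
    return float(msg["costAmount"]) / budget >= disable_at


def disable_billing(project_name: str, projects_api) -> str:
    """Detach the billing account if one is attached.

    projects_api must expose the Cloud Billing v1 projects resource
    (getBillingInfo / updateBillingInfo, each returning an object with .execute())."""
    info = projects_api.getBillingInfo(name=project_name).execute()
    if not info.get("billingEnabled"):
        return "already-disabled"
    # An empty billingAccountName detaches the project from its billing account.
    projects_api.updateBillingInfo(
        name=project_name, body={"billingAccountName": ""}
    ).execute()
    return "disabled"


def handle_budget_alert(event: dict, context=None, projects_api=None, project_id=None) -> str:
    """Cloud Functions entry point for a Pub/Sub trigger. Returns what it did."""
    project_id = project_id or os.environ["GCP_PROJECT"]
    msg = parse_budget_message(event)
    if not should_disable(msg):
        return "noop"
    if projects_api is None:
        # Real client, imported lazily so the decision logic runs without the library.
        from googleapiclient import discovery
        projects_api = discovery.build("cloudbilling", "v1", cache_discovery=False).projects()
    return disable_billing(f"projects/{project_id}", projects_api)


class _Call:
    """Mimics the .execute() shape of googleapiclient requests."""
    def __init__(self, fn):
        self._fn = fn

    def execute(self):
        return self._fn()


class FakeProjects:
    """Dry-run stand-in for billing.projects(); records the calls it would have made."""
    def __init__(self, enabled=True):
        self.enabled = enabled
        self.calls = []

    def getBillingInfo(self, name):
        return _Call(lambda: {"billingEnabled": self.enabled})

    def updateBillingInfo(self, name, body):
        self.calls.append((name, body))
        return _Call(lambda: {"billingAccountName": body["billingAccountName"]})


def encode_budget_event(cost: float, budget: float) -> dict:
    """Build a Pub/Sub event like the one Cloud Functions delivers (constructed sample)."""
    payload = {"budgetDisplayName": "gemini-guard", "costAmount": cost,
               "budgetAmount": budget, "currencyCode": "USD",
               "alertThresholdExceeded": cost / budget if budget else 0}
    return {"data": base64.b64encode(json.dumps(payload).encode()).decode()}


if __name__ == "__main__":
    fake = FakeProjects()
    print(handle_budget_alert(encode_budget_event(120.0, 250.0), projects_api=fake, project_id="demo"))
    print(handle_budget_alert(encode_budget_event(251.3, 250.0), projects_api=fake, project_id="demo"))
    print(fake.calls)
```

Deployed for real, the function's service account needs the permission to change billing on the project (a Billing Project Manager style role), which is exactly the power an attacker would love to hold, so scope it to that one project. Test it with the dry-run client first: a circuit breaker that has never been tripped on purpose is a circuit breaker that will fail the night it matters.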
