

Jailbroken Gemini AI Helped Russian Scammer Drain Crypto Wallets of ‘Patriot’ Community

Saran K | May 23, 2026 | 4 min read


The ‘Quantum Patriot’ Pipeline

A single Russian-speaking threat actor managed to orchestrate a wide-ranging fraud and credential-theft campaign by leveraging a jailbroken version of Google’s Gemini AI. According to a detailed threat report from TrendAI, the operator, known by the handle ‘bandcampro’, targeted hardcore Trump supporters and conspiracy theorists, blending political grievances with sophisticated financial scams.

Operating between September 2025 and May 2026, the attacker built what he called the ‘Quantum Patriot’ pipeline. The system consisted of Python scripts that fed real-time newsfeeds into Gemini, which rewrote the items in the voice of an American veteran. This persona was used to grow a Telegram channel, @americanpatriotus, which eventually amassed approximately 17,000 subscribers. The AI didn’t just write the posts; it was prompted to find ‘hidden angles’ that would resonate with the QAnon and MAGA communities, mirroring the cryptic ‘Q drop’ style of messaging.

Weaponizing the API

The scale of the operation was made possible through the abuse of Gemini’s API. TrendAI researchers discovered that bandcampro used 73 likely-stolen API keys, which let him sidestep both usage costs and the standard safety filters. This allowed the actor to use the LLM as a full-scale operational assistant. In one documented 16-hour session, the AI helped the attacker deploy servers, debug malicious code, manage Cloudflare tunnels, and rotate API keys to avoid detection.

The relationship was highly collaborative. The attacker prompted the model in Russian, and the AI reasoned and replied in English. This synergy allowed a ‘low-skilled’ individual to perform tasks that previously would have required a coordinated team of social media managers, IT specialists, and malware programmers.

From Conspiracy to Crypto Theft

While the messaging was political, the motive was purely financial. The campaign centered on a fraudulent ‘freedom-first, self-custody wallet’ dubbed StellarMonster. On September 9, 2025, the actor promoted the wallet via his Telegram channel, offering a welcome bonus of 1,000 XLM (roughly $380) to lure victims into downloading an executable file: StellarMonSetup.exe.

Analysis of the file revealed it was not a wallet at all, but a rebranded version of GoToResolve, a legitimate remote access tool. Once installed, it gave the attacker persistent access to the victim’s desktop, including the ability to execute commands and capture clipboard data. For those who attempted to ‘import’ their existing wallets by entering their seed phrases into the fake interface, the theft was instantaneous. TrendAI noted that at least one victim had their entire cryptocurrency portfolio compromised, with over 40 wallet addresses harvested across multiple chains.

Automated Brute-Forcing and Site Infiltration

The campaign extended beyond crypto theft into broader credential harvesting. The attacker used Gemini 2.5 Flash to power a brute-forcing tool designed to crack WordPress administrator accounts. By supplying the AI with static wordlists, the operator had the LLM model how users typically mutate familiar passwords in predictable ways.

This AI-assisted approach resulted in the compromise of 29 WordPress admin accounts. The victims were a diverse group, ranging from small medical practices and legal offices to weapons retailers and commercial sites. In these sessions, the attacker’s prompts to Gemini revealed a chilling level of calculation, asking the AI specifically how much could be earned from a ‘pump-and-dump’ cycle once the bot reached 5,000 active users.
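A password-guessing campaign against WordPress admin accounts like the one described above leaves a distinctive trace in the web server's access log: a burst of POST requests to wp-login.php from one client that all come back with HTTP 200 (WordPress re-renders the form on a failed login), sometimes followed by a 302 redirect to wp-admin once a guess lands. The following is an added detection example written for this article, not code from the TrendAI report or from any tool it describes; the log lines it parses are constructed samples in Apache combined format, and the threshold and window are illustrative values.

```python
"""Flag WordPress login brute-forcing from web-server access logs.

Heuristic: WordPress answers a failed wp-login.php POST with HTTP 200 (the
form is re-rendered with an error) and a successful one with a 302 redirect
to wp-admin. Many 200s from one client in a short window is a guessing run;
a 302 from that same client afterwards is a likely compromise that warrants
a forced password reset and session invalidation for the account.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    path = m.group("path").split("?")[0]  # drop query string (e.g. redirect_to=...)
    return m.group("ip"), ts, m.group("method"), path, int(m.group("status"))


def find_login_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: {"attempts": n, "compromised": bool}} for clients that sent
    at least `threshold` failed wp-login.php POSTs inside any `window`.
    `attempts` is the peak number of failures seen inside one window.
    """
    recent = defaultdict(deque)  # ip -> timestamps of recent failed logins
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method != "POST" or path != "/wp-login.php":
            continue
        if status == 200:  # failed attempt: form re-rendered
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:  # slide the window forward
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(ip, {"attempts": 0, "compromised": False})
                entry["attempts"] = max(entry["attempts"], len(q))
        elif status == 302 and ip in flagged:  # success after a flagged run
            flagged[ip]["compromised"] = True
    return flagged


def _line(ip, second, method, path, status):
    """Build one constructed combined-format log line (sample data, not real traffic)."""
    return (f'{ip} - - [10/Sep/2025:03:14:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 2312 "-" "Mozilla/5.0"')


# Constructed sample: one client hammers the login form and then gets in;
# another client mistypes once and logs in normally; one line is garbage.
SAMPLE_LOG = [
    _line("203.0.113.7", 0, "GET", "/wp-login.php", 200),
    *[_line("203.0.113.7", s, "POST", "/wp-login.php", 200) for s in range(1, 7)],
    _line("203.0.113.7", 8, "POST", "/wp-login.php", 302),
    _line("198.51.100.2", 3, "POST", "/wp-login.php", 200),
    _line("198.51.100.2", 9, "POST", "/wp-login.php", 302),
    _line("198.51.100.2", 10, "GET", "/wp-admin/", 200),
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for ip, info in find_login_bruteforce(SAMPLE_LOG).items():
        state = "COMPROMISED" if info["compromised"] else "attempted"
        print(f"{ip}: {info['attempts']} failed logins in window, {state}")
```

Run on the constructed sample, only 203.0.113.7 is reported (six failures, then a successful login), while the single mistyped password from 198.51.100.2 stays below the threshold. The same logic works on a real log piped through `sys.stdin`; pair it with a login rate limit or lockout plugin on the WordPress side, since detection after the fact only tells you which accounts to reset.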

Tom Kellermann, VP of AI security and threat research at TrendAI, described the incident as an ‘inflection point for cybercrime conspiracies.’ Kellermann noted that the campaign underscores the specific vulnerability of LLMs to API-based attacks, which can be used to strip away the guardrails intended to prevent the generation of harmful or fraudulent content.

Neither Google nor Venice.ai, whose platform was used to host an interactive chatbot simulating a ‘Quantum Financial System’ terminal, responded immediately to requests for comment.
