Jailbroken Gemini Used to Orchestrate Crypto Scam Targeting QAnon and MAGA Communities

The Automation of Deception
A single Russian-speaking threat actor has demonstrated the unsettling efficiency of modern AI in orchestrating complex fraud. Using a jailbroken version of Google’s Gemini, the individual—operating under the handle “bandcampro”—managed to build a convincing digital persona, infiltrate dozens of websites, and drain cryptocurrency wallets from users within the MAGA and QAnon communities.
According to a detailed threat report from TrendAI, the operation spanned from September 2025 to May 2026. The attacker didn’t rely on high-level coding skills or a large team of operatives. Instead, he leveraged approximately 73 stolen Gemini API keys to automate the most labor-intensive parts of a cybercrime campaign: content generation, social engineering, and technical debugging.
The centerpiece of the scam was a Telegram channel, @americanpatriotus, where the actor impersonated an American veteran. By using a Python-based pipeline he called “Quantum Patriot,” bandcampro fed real-time newsfeeds into Gemini, prompting the AI to rewrite the news from the perspective of a patriotic admin searching for “hidden angles.” This allowed the actor to maintain a constant, high-volume stream of content that resonated with conspiracy theorists, eventually growing the channel to 17,000 subscribers.
Weaponizing the LLM for Technical Attacks
The report highlights that the AI’s utility extended far beyond writing posts. TrendAI researchers found that Gemini was used as a real-time co-pilot for technical infrastructure. The LLM helped the actor deploy servers, debug malicious code, manage Cloudflare tunnels, and write scripts to rotate API keys to avoid detection.
One of the more sophisticated applications of the AI involved brute-forcing WordPress accounts. Rather than using simple dictionary attacks, the actor used Gemini 2.5 Flash to model how people typically mutate common passwords. By supplying the AI with static wordlists, the actor was able to crack 29 administrator accounts across a variety of sites, including legal offices, medical practices, and weapons retailers.
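For site operators, the defensive counterpart to this kind of password-mutation attack is spotting the burst of login attempts it produces. The following is an added example, not code from the TrendAI report: it scans constructed web-server access-log lines for a source address that repeatedly POSTs to the WordPress login endpoints inside a short window, and notes when a flagged source then receives a redirect, which on a default WordPress install typically means the login succeeded.

```python
"""Flag WordPress login brute-force activity in web-server access logs.

Added example (not from the TrendAI report). Log lines below are constructed
in Apache/nginx combined format; the IP addresses are documentation ranges.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")  # form login and XML-RPC login
THRESHOLD = 5   # more than this many POSTs per WINDOW from one IP is suspicious
WINDOW = 60     # seconds

def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for unparsable input."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"])

def find_bruteforce(lines, threshold=THRESHOLD, window=WINDOW):
    """Map each offending IP to its peak attempt count and whether a redirect followed.

    WordPress re-renders the login form with HTTP 200 on a failed login and
    answers a successful one with a 302 redirect, so a 302 after a burst of
    200s is the event worth paging on.
    """
    recent = defaultdict(deque)   # ip -> timestamps of POSTs inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method != "POST" or path not in LOGIN_PATHS:
            continue
        q = recent[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) > threshold:
            entry = flagged.setdefault(ip, {"attempts": 0, "possible_success": False})
            entry["attempts"] = max(entry["attempts"], len(q))
            entry["possible_success"] = entry["possible_success"] or status == 302
    return flagged

# Constructed sample: one attacker firing eight POSTs in 15 s (last one redirected),
# one legitimate user logging in once.
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Oct/2025:13:55:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" {c} 4321'
    for s, c in zip(range(1, 17, 2), [200] * 7 + [302])
] + [
    '198.51.100.4 - - [10/Oct/2025:13:55:02 +0000] "GET /wp-login.php HTTP/1.1" 200 3000',
    '198.51.100.4 - - [10/Oct/2025:13:55:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]
```

Running `find_bruteforce(SAMPLE_LOG)` reports only 203.0.113.7, with eight attempts and a possible success; a cron job feeding the real access log through it is a cheap early warning for the small legal, medical and retail sites named in the report.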
The ‘StellarMonster’ Trap
The campaign’s financial windfall came through targeted cryptocurrency fraud. On September 9, 2025, the actor promoted a fraudulent “freedom-first” wallet called StellarMonster, promising users a welcome bonus of 1,000 XLM (roughly $380).
The lure was a file named StellarMonSetup.exe. Analysis reveals this was not a wallet at all, but a legitimate remote access tool called GoToResolve. Once installed, it gave the attacker persistent access to the victim’s desktop, including their files and clipboard. For those who attempted to “import” their existing wallets into the fake software, the attacker simply captured their seed phrases.
The result was devastating for at least one victim, whose entire portfolio was wiped clean. The researchers noted that the attacker managed to harvest over 40 wallet addresses across multiple chains after cracking the victim’s password and stealing their 12-word mnemonic phrase.
The Human Element of AI Crime
Despite the automation, the operation revealed the persistent gaps in AI-driven crime. TrendAI researchers observed a nine-hour gap during which the actor likely took a break to sleep. In that time the automated bot kept posting every 20 minutes, but the AI began leaking Russian slang into the English posts, breaking the “American veteran” illusion. The actor had to intervene manually and open a new session to correct the linguistic drift.
The logs also reveal a chilling level of pragmatism. In conversations with Gemini, the actor asked for calculations on potential earnings from “pump-and-dump” cycles once he hit 5,000 users. He even sought advice on how professional crypto call centers scam North American victims, at which point the LLM suggested targeting the elderly via Medicare or Health Canada fraud.
Tom Kellermann, VP of AI security at TrendAI, characterized the campaign as an “inflection point,” noting that what once required a full staff of writers and programmers can now be executed by a single individual with API access to a frontier model.