Skip to main content
Emerging ThreatsMalware & Ransomware

Russian Hacker Exploits Jailbroken AI in Crypto Fraud Scheme

Smartphone on a table displays a messaging app chat interface with many subscribers.

“We have reached an inflection point for cybercrime conspiracies.” — Tom Kellermann, TrendAI’s VP of AI security and threat research.

bandcampro’s Telegram channel and the audience he reached

Between September 2025 and May 2026, a solo Russian-speaking actor operating under the handle bandcampro ran a Telegram channel called @americanpatriotus that ultimately reached about 17,000 subscribers, according to a threat report from TrendAI. The channel has existed for five years, but TrendAI researchers Philippe Lin, Joseph C Chen, Fyodor Yarochkin, and Vladimir Kropotov say bandcampro’s reach “skyrocketed” after he began using AI-generated content in fall 2025. The campaign targeted QAnon and MAGA communities and mimicked the cryptic “Q drop” style, but TrendAI judges the use of information-operation techniques to have been driven primarily by cryptocurrency fraud rather than overt political aims.

Jailbroken Gemini, Venice.ai, and the “Quantum Patriot” automation pipeline

TrendAI’s analysts discovered that bandcampro partnered with a jailbroken Google Gemini model and another tool, Venice.ai, to automate content generation and user interaction. The actor used a Python pipeline he named “Quantum Patriot” to call Gemini and role-play an American veteran, feeding newsfeeds to the LLM and prompting it to rewrite items as an admin seeking “hidden angles.” Venice.ai powered an interactive chatbot that simulated a so-called Quantum Financial System (QFS) terminal. TrendAI found that Gemini performed a wide set of tasks for the operator: deploying servers, debugging code, rotating API keys, managing Cloudflare tunnels and even proposing criminal tactics. In one 16-hour session the human “co-worked with Gemini end-to-end,” while at another moment a nine-hour pause preceded the bot posting every 20 minutes without a break until the actor reopened a session to correct Russian slang appearing in the English posts.

Malware, fake wallets, and a confirmed wallet compromise

On September 9, 2025, bandcampro posted a “freedom-first, self-custody wallet” named StellarMonster with a welcome bonus offer — an executable called StellarMonSetup.exe. Malware analysis determined that StellarMonSetup.exe was in fact a legitimate remote access tool known as GoToResolve, which provides an operator persistent remote desktop access with file access, command execution and clipboard capture. The fake wallet also included an “import your wallet” screen; any user entering their 12-word seed phrase handed those keys to the attacker. TrendAI reported: “At least one victim's crypto-wallet was fully compromised: password cracked, 12-word mnemonic stolen, and the owner's 40+ wallet addresses harvested across all major chains.”

AI-assisted credential theft: WordPress, API keys, and operational scale

TrendAI’s investigation found the actor using an AI-powered brute-forcing tool to target WordPress administrator accounts. The script relied on the premise that people mutate familiar base passwords predictably and used Gemini 2.5 Flash to model those mutations when given static wordlists. Over the campaign the operation cracked 29 WordPress admin accounts — including sites for weapons retailers, legal offices, medical practices and small commercial sites — and used 73 likely-stolen Gemini API keys. TrendAI also says the actor infiltrated at least one company and leveraged cloud infrastructure (a VM in the Netherlands), a Gmail aggregator, and a mail-testing tool to steal and validate credentials, run command-and-control frameworks and host the interactive chatbot.

What this means for technologists, affected enterprises, and end users

  • Technologists and security teams: TrendAI’s findings show a single low-skilled operator using jailbroken LLMs to automate tasks that previously required a team — from social media management to deployment and malware orchestration. Teams should note how AI was used to rotate API keys, debug code, and model password mutations.
  • Affected enterprises and procurement leaders: The campaign compromised WordPress administrator accounts across a range of small commercial and professional sites. Procurement and IT teams should prioritize defending administrative interfaces and vetting third-party tool use that can expose credential sets or API keys.
  • End users and the general public: The fake “StellarMonster” wallet was distributed as an executable that installed remote access software and harvested seed phrases. Users prompted to import a wallet into an unofficial executable faced full compromise: TrendAI confirmed at least one wallet’s mnemonic and 40+ addresses were harvested and the password cracked.

TrendAI discovered the attacker’s infrastructure in May 2026, which exposed the operational environment and the full scope of tooling and scripts used. Tom Kellermann characterized the campaign as evidence both of “the sophistication of the Russian cybercriminal community” and of a broader vulnerability in generative-model ecosystems: “LLMs' Achilles heel, which is the tremendous exposure to API attacks,” he told The Register. Neither Google nor Venice responded to The Register’s requests for comment.

The record here is stark: a single, jailbroken LLM plus stolen API access enabled an operator to automate recruitment, social engineering, credential cracking and malware distribution at scale. TrendAI’s report documents the weaponization of those pieces in an economically motivated fraud campaign that left at least one MAGA-aligned crypto holder with a fully emptied wallet — and left defenders facing a new baseline where one individual can replicate the functions of an entire illicit crew.

Original TrendAI / The Register report