Jailbroken Gemini Used In AI-Assisted Crypto Theft Campaign

A Russian-speaking threat actor tracked as "bandcampro" used a jailbroken Gemini setup to support a long-running AI-assisted "Patriot Bait" campaign involving Telegram influence activity, credential theft and crypto fraud.
The campaign centered on the Telegram channel @americanpatriotus, which grew to roughly 17,000 subscribers while posing as an American military veteran persona. The channel mixed MAGA and QAnon-style messaging with crypto promotion, using political identity as the trust layer before pushing users toward fraud-linked assets, fake tools and wallet-compromise paths.
The case adds a sharper AI angle to the same security pressure already visible across crypto. Recent attacks have moved beyond simple phishing pages into developer tooling, stolen credentials and automated targeting, including the TrapDoor malware campaign targeting crypto and AI developers.
Gemini Jailbreak Helped Scale The Workflow
The actor used a jailbroken instance of Google Gemini CLI as an operational assistant rather than only a writing tool. The setup relied on persistent instructions stored through a GEMINI.md memory file, allowing the model to carry prior instructions into later sessions.
The AI system was used to generate persona-matched posts, support infrastructure management and help with credential-theft workflows. The operation rotated 73 likely stolen Gemini API keys, keeping costs close to zero while using AI to automate tasks that would normally require writers, social engineers and technical operators.
The credential-theft side included 29 cracked WordPress administrator accounts and at least one company infiltration, while the crypto theft side included one confirmed emptied wallet after a victim's credentials and seed phrase were compromised. A Cybersecurity News report also tied the activity to stolen API keys, WordPress access and wallet-drain infrastructure.
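As an added example (not code from the article, from Google, or from the actor), here is a detection pass a defender operating an API gateway could run to catch the rotation pattern described above: one client fingerprint burning through many distinct keys in a short window, and a single key showing up from many unrelated clients, which is what a stolen key looks like once it is shared around. It assumes a hypothetical whitespace-separated gateway log format (timestamp, client IP, user-agent, opaque key id, HTTP status) and a hypothetical client fingerprint of IP plus user-agent; the log lines and key ids are constructed placeholders, not real Gemini keys or addresses.

```python
"""Flag API-key rotation abuse in constructed API-gateway access logs.

Added example; hypothetical log format and fingerprint scheme, not the
gateway's or Google's own telemetry. Key ids below are placeholders.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, one record per line):
# <ISO timestamp> <client IP> <user-agent, no spaces> <key id> <HTTP status>
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 gemini-cli/0.1 key_a1 200
2024-05-01T10:00:09Z 203.0.113.7 gemini-cli/0.1 key_b2 200
2024-05-01T10:00:20Z 203.0.113.7 gemini-cli/0.1 key_c3 429
2024-05-01T10:00:21Z 203.0.113.7 gemini-cli/0.1 key_d4 200
2024-05-01T10:00:35Z 203.0.113.7 gemini-cli/0.1 key_e5 200
2024-05-01T10:01:02Z 203.0.113.7 gemini-cli/0.1 key_f6 200
2024-05-01T10:02:00Z 198.51.100.4 python-requests/2.31 key_a1 200
2024-05-01T10:02:30Z 198.51.100.4 python-requests/2.31 key_a1 200
2024-05-01T10:03:00Z 192.0.2.9 Mozilla/5.0 key_b2 200
2024-05-01T10:04:00Z 192.0.2.10 Mozilla/5.0 key_b2 200
2024-05-01T10:05:00Z 192.0.2.11 Mozilla/5.0 key_b2 200
"""


def parse_log(text):
    """Parse the hypothetical gateway format into a list of record dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, ua, key_id, status = line.split()
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ip": ip,
            "ua": ua,
            "key_id": key_id,
            "status": int(status),
        })
    return records


def fingerprint(record):
    """Hypothetical client identity: source IP plus user-agent string."""
    return f"{record['ip']}|{record['ua']}"


def find_rotating_clients(records, window=timedelta(minutes=5), min_keys=5):
    """Clients that present >= min_keys distinct keys inside any sliding window.

    Returns {fingerprint: max distinct keys seen in one window}. A legitimate
    client normally holds one key; a rotating pool of stolen keys does not.
    """
    by_client = defaultdict(list)
    for r in records:
        by_client[fingerprint(r)].append(r)

    flagged = {}
    for client, recs in by_client.items():
        recs.sort(key=lambda r: r["ts"])
        best, start = 0, 0
        for end in range(len(recs)):
            # Advance the window start until it spans at most `window`.
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            distinct = len({r["key_id"] for r in recs[start:end + 1]})
            best = max(best, distinct)
        if best >= min_keys:
            flagged[client] = best
    return flagged


def find_shared_keys(records, min_clients=3):
    """Keys used from >= min_clients distinct fingerprints: a leaked-key signal.

    Returns {key_id: number of distinct clients}.
    """
    clients_per_key = defaultdict(set)
    for r in records:
        clients_per_key[r["key_id"]].add(fingerprint(r))
    return {k: len(c) for k, c in clients_per_key.items() if len(c) >= min_clients}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("rotating clients:", find_rotating_clients(recs))
    print("shared keys:", find_shared_keys(recs))
```

On the constructed sample the first client cycles through six keys in about a minute and is flagged, while `key_b2` is seen from four unrelated fingerprints and is flagged as shared; `key_a1`, used from two clients, stays under the threshold. The IP-plus-user-agent fingerprint is deliberately crude and is easy to evade with proxies, so in practice it should be one signal next to per-key quota anomalies and the 429 responses that a rotating pool tends to generate.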
Wallet Security Risk Extends Beyond One Actor
The wallet-drain element is the most direct crypto impact. The campaign used a trojanized installer promoted as a self-custody crypto tool, while a fake wallet-import flow collected seed phrases from victims who entered them manually. Once a seed phrase is exposed, the attacker does not need a smart-contract exploit or exchange breach to move funds.
That user-side risk is becoming more common across crypto crime cases. Recent wallet-drain complaints have already put exchange response times under pressure after ZachXBT accused KuCoin of failing hack victims and police, while address-based manipulation has grown as low Ethereum fees fueled address-poisoning activity.
The bandcampro case shows how AI can compress the cost of influence, phishing, infrastructure work and credential guessing into a solo operation. The confirmed financial result was limited compared with the campaign's reach, but the method is the warning: stolen API keys, persistent model instructions, fake political identity and wallet-theft tooling can now be combined cheaply enough for small actors to run campaigns that look far larger than they are.
The post Jailbroken Gemini Used In AI-Assisted Crypto Theft Campaign appeared first on Crypto Adventure.