May 25, 2026 · 7 min read
A Russian-Speaking Fraudster Just Spent Eight Months Running a MAGA-Themed Crypto Scam With 73 Stolen Google Gemini Keys—And Drained Victim Wallets With AI-Generated Q-Drop-Style Phishing Across 40-Plus Blockchain Addresses
TrendAI researchers documented an eight-month campaign by a threat actor calling itself "bandcampro." The operator is a solo, Russian-speaking actor characterized as low-skilled, and ran the entire operation on stolen Google Gemini API keys and Venice.ai access. Seventeen thousand Telegram subscribers thought they were following an American veteran posting in QAnon style. They were following Gemini.
Key Takeaways
- Bandcampro is a Russian-speaking solo threat actor who operated from September 2025 to May 2026 using 73 stolen Google Gemini API keys plus Venice.ai chatbot access.
- The operator built a Telegram channel called @americanpatriotus that reached approximately 17,000 subscribers by impersonating an American veteran and mimicking QAnon "Q drop" messaging.
- The "Quantum Patriot" Python pipeline used Gemini to generate posts, automate WordPress account brute-forcing, and write phishing copy in the voice of the impersonated veteran—yielding 29 hacked WordPress administrator credentials and at least one infiltrated company.
- The crypto fraud arm distributed a fake wallet named "StellarMonster" (StellarMonSetup.exe) and weaponized GoToResolve, a legitimate remote management tool, for persistence after installation.
- One named victim had their crypto wallet fully drained: password cracked, 12-word seed phrase exfiltrated, and 40-plus blockchain addresses harvested across Ethereum, Solana, Bitcoin, and BNB Chain.
Who Is Bandcampro?
The TrendAI research team—Philippe Lin, Joseph C Chen, Fyodor Yarochkin, and Vladimir Kropotov—mapped bandcampro across two underground forums, a Telegram operator account, and the artifacts left in the stolen Gemini API logs. The composite picture is of a single low-skilled actor with no team, no day job in cybersecurity, and almost no infrastructure costs of their own. The campaign ran on borrowed compute.
The 73 Gemini API keys were stolen rather than purchased. Most appear to come from misconfigured GitHub repositories or public Postman workspaces—the same sources that have fed credential stealers for years. The Venice.ai usage was paid, but Venice's per-query pricing for the model tier bandcampro used was a few cents.
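Since the keys leak from committed files and exported workspaces, the cheapest defense is to catch key-shaped strings before they are pushed. The scanner below is an added example written for this article, not code from TrendAI or from the campaign. It assumes Google API keys keep their documented shape (the literal prefix "AIza" followed by 35 characters from the set [A-Za-z0-9_-], 39 characters in total); the file contents it scans are constructed samples, and the .env, Postman and README paths are illustrative.

```python
"""Scan files for leaked Google API keys before they reach a public repo.

Added example for this article; it is not code from TrendAI or from the
campaign. It assumes Google API keys keep their documented shape: the
literal prefix "AIza" followed by 35 characters from [A-Za-z0-9_-]
(39 characters in total). The file contents below are constructed samples.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass

# Google API keys (Gemini keys included) are 39 characters starting with "AIza".
GOOGLE_API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}")


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    redacted: str  # never put the full key in a report or a CI log


def redact(key: str) -> str:
    """Keep enough of the key to locate it, not enough to use it."""
    return key[:8] + "..." + key[-4:]


def scan_text(path: str, text: str) -> list[Finding]:
    """Return one Finding per key-shaped token, with file and line position."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in GOOGLE_API_KEY_RE.finditer(line):
            findings.append(Finding(path, line_no, redact(match.group(0))))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan an in-memory {path: content} map, which is what a pre-commit hook
    would build from the staged files."""
    findings: list[Finding] = []
    for path, content in files.items():
        findings.extend(scan_text(path, content))
    return findings


# Constructed samples: a live-looking key in a .env file and in an exported
# Postman collection, plus a too-short placeholder that must not fire.
CONSTRUCTED_KEY = "AIzaSyEXAMPLE" + "0" * 26  # 39 chars, example value only
SAMPLE_FILES = {
    ".env": f"GEMINI_API_KEY={CONSTRUCTED_KEY}\nDEBUG=1\n",
    "postman/gemini.postman_collection.json": (
        '{"variable": [{"key": "apiKey", "value": "' + CONSTRUCTED_KEY + '"}]}\n'
    ),
    "README.md": "Set GEMINI_API_KEY=AIza_YOUR_KEY_HERE before running.\n",
    "app.py": "import os\nkey = os.environ['GEMINI_API_KEY']\n",
}


def main() -> int:
    findings = scan_files(SAMPLE_FILES)
    for f in findings:
        print(f"{f.path}:{f.line_no}: Google API key {f.redacted}")
    # A non-zero exit blocks the commit when this runs as a hook.
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run as a pre-commit hook, the map passed to `scan_files` would be built from `git diff --cached --name-only`; the report only ever carries the redacted form, so the hook's own output cannot become a second leak. A `.env` that was already pushed is compromised regardless of what the hook says afterwards, and the key should be revoked rather than just removed from history.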
The eight-month timeline overlaps almost exactly with the period in which jailbreak prompts for Gemini's content filters have circulated on Russian- and English-language hacking forums. The bandcampro operator used a publicly circulated jailbreak template, slightly modified, that defeats Gemini's refusal layer for content categories including persona impersonation, fraud copy, and password attack tooling. None of the prompt engineering was novel. The novelty was the operational discipline of running the whole campaign on it.
How Did the Telegram Channel Work?
The @americanpatriotus channel posted between three and six times a day in the voice of an American veteran reacting to news events. The voice was consistent across months because Gemini, prompted with a persona sheet and a topical news feed, will reproduce the same tonal register reliably. The post template imitated the format of QAnon "Q drops"—short pseudo-cryptic messages with capitalized keywords and a recurring set of conspiratorial references.
By month three, the channel had accumulated roughly 5,000 subscribers. By month six, it reached 17,000. The growth was almost entirely organic—the audience that responds to that messaging is large, easily reached through recommendations, and not particularly skeptical of provenance. Once trust was established, the channel began suggesting that subscribers explore a "patriot wealth" cryptocurrency project. That suggestion linked to the StellarMonster site.
The crossover to actual financial harm started there. The site offered a downloadable wallet called StellarMonSetup.exe. The installer claimed to set up a privacy-preserving wallet for what it described as a politically aligned cryptocurrency. In practice, it installed a credential stealer, configured GoToResolve for remote access, and exfiltrated any existing wallet seed phrases the user already kept on the device.
What Did the Wallet Theft Look Like?
TrendAI's write-up names one victim—a small business operator who lost the entirety of a personal crypto holding spread across four chains. The mechanics, in order of execution:
- The StellarMonster installer dumped browser-saved credentials, including the password to the victim's existing legitimate wallet.
- GoToResolve provided a stable remote channel into the victim's machine. The legitimate tool is signed, allow-listed by most endpoint detection products, and indistinguishable from any other IT support session.
- The legitimate wallet's local storage was unlocked using the dumped password, and the 12 word seed phrase was extracted in plain text.
- The seed phrase was used to derive 40-plus deposit addresses across Ethereum, Solana, Bitcoin, and BNB Chain. Each was checked for balance, and non-zero balances were swept to attacker addresses.
- The whole operation took less than 15 minutes from installer launch to wallet drain.
The named victim is one of an unknown number of victims. TrendAI was able to identify 29 separately hacked WordPress administrator credentials from the campaign, and at least one infiltrated company; the company name is not disclosed in the published research.
Why Do Stolen Gemini Keys Matter?
An LLM with usable jailbreak coverage is a generic capability multiplier for a fraud operation. Bandcampro did not write the channel's posts manually. It did not write the phishing copy manually. It did not write the WordPress brute force tool manually. The Quantum Patriot pipeline turned a single Telegram channel concept into a small production line, and the production line scaled to 17,000 subscribers because the human in the loop had to spend almost no time on per-piece content work.
The Gemini keys are the bottleneck. A paid Gemini account, used for the volume and content categories bandcampro needed, would have been suspended within days. The 73 stolen keys provided enough redundancy that key revocation by Google's abuse detection did not interrupt the campaign: as Google revoked one, the operator simply rotated to another. The pool of available stolen keys, in the open-source intelligence sources TrendAI tracks, has grown sharply during 2026 in step with similar trends documented for OpenAI and Anthropic keys.
Tom Kellermann, summarizing the implication for TrendAI: "We have reached an inflection point for cybercrime conspiracies." The pipeline a single low skilled actor can stand up with stolen LLM credentials is now larger than what a small team could produce manually two years ago.
What Should Defenders Watch For?
The campaign's specifics are not the most useful detection signal. The reusable signals are: a Telegram channel with consistent voice growing fast through politically aligned communities, an associated downloadable "wallet" not listed on any reputable wallet review site, and a customer support flow that ends with a GoToResolve session. Each of those is, individually, an indicator of generic fraud. Together they are a tell.
For corporate defenders, the GoToResolve angle is the one most likely to slip past existing controls. The tool is legitimate, signed, and on the allow list of most managed detection programs. A user installation that did not come through corporate IT is a meaningful anomaly to alert on. Similar misuse of remote management tools has been documented in the Venomous Helper SSA campaign against 80 companies via SimpleHelp and ScreenConnect.
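A rule for that anomaly is easier to show than to describe. The detection below is an added example written for this article, not TrendAI's detection content, and it does not describe GoToResolve's actual installer internals. It assumes an endpoint telemetry feed of process-start events as JSON lines with the fields host, user, image, parent_image and signed; the RMM name markers, the IT deployment service account, the deployment-agent parent names and the GoToResolveSetup.exe filename are placeholders to replace with your environment's values, and the four events it runs over are constructed.

```python
"""Flag remote-management-tool installs that did not come through corporate IT.

Added example for this article; not TrendAI's detection content. It assumes
process-start events as JSON lines with the fields host, user, image,
parent_image and signed. The RMM markers, the deployment account and the
deployment-agent names are placeholders; the sample events are constructed.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from typing import Iterable, Optional

# Substrings that identify remote-management tools in an image path.
# Assumed markers; confirm them against real binary names in your telemetry.
RMM_MARKERS = ("gotoresolve", "simplehelp", "screenconnect")

# What a sanctioned deployment looks like in this (assumed) environment:
# the software-deployment service account and the agents that launch installs.
IT_DEPLOY_ACCOUNTS = {"CORP\\svc-deploy"}
IT_DEPLOY_PARENTS = {"ccmexec.exe", "intunemanagementextension.exe"}


@dataclass(frozen=True)
class Alert:
    host: str
    user: str
    image: str
    reasons: tuple[str, ...]


def basename(path: str) -> str:
    """Last component of a Windows or POSIX path, lower-cased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_rmm(image: str) -> bool:
    return any(marker in image.lower() for marker in RMM_MARKERS)


def evaluate(event: dict) -> Optional[Alert]:
    """Return an Alert when an RMM image starts outside the sanctioned path.

    A valid code signature is deliberately not treated as a pass: the tool is
    legitimately signed in the abuse case this article describes, so the
    decisive questions are who installed it and what launched the installer.
    """
    if not is_rmm(event["image"]):
        return None
    reasons = []
    if event["user"] not in IT_DEPLOY_ACCOUNTS:
        reasons.append(f"installed by non-deployment account {event['user']}")
    parent = basename(event["parent_image"])
    if parent not in IT_DEPLOY_PARENTS:
        reasons.append(f"launched by {parent}, not a deployment agent")
    if not event.get("signed", False):
        reasons.append("binary is unsigned or signature not verified")
    if not reasons:
        return None
    return Alert(event["host"], event["user"], event["image"], tuple(reasons))


def run(lines: Iterable[str]) -> list[Alert]:
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        alert = evaluate(json.loads(line))
        if alert:
            alerts.append(alert)
    return alerts


# Constructed events: a sanctioned push, a user-initiated install from a
# download, an unrelated process, and an install spawned by a wallet installer.
SAMPLE_EVENTS = r"""
{"host": "WS01", "user": "CORP\\svc-deploy", "image": "C:\\Windows\\ccmcache\\a1\\GoToResolveSetup.exe", "parent_image": "C:\\Windows\\CCM\\CcmExec.exe", "signed": true}
{"host": "WS02", "user": "CORP\\jdoe", "image": "C:\\Users\\jdoe\\Downloads\\GoToResolveSetup.exe", "parent_image": "C:\\Windows\\explorer.exe", "signed": true}
{"host": "WS02", "user": "CORP\\jdoe", "image": "C:\\Windows\\System32\\notepad.exe", "parent_image": "C:\\Windows\\explorer.exe", "signed": true}
{"host": "WS03", "user": "CORP\\asmith", "image": "C:\\Users\\asmith\\AppData\\Local\\Temp\\GoToResolveSetup.exe", "parent_image": "C:\\Users\\asmith\\Downloads\\StellarMonSetup.exe", "signed": true}
""".splitlines()


if __name__ == "__main__":
    for a in run(SAMPLE_EVENTS):
        print(f"[{a.host}] {a.image} by {a.user}: " + "; ".join(a.reasons))
```

The sanctioned push on WS01 produces nothing, while the two user-initiated installs are flagged even though every binary carries a valid signature; the last event, where the wallet installer is the parent of the RMM installer, is the shape the article describes. The same rule ports to a SIEM query by translating the two membership checks into the platform's lookup tables.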
For individual users, the practical defense reduces to the same advice that has held for years: any wallet that asks for a 12-word seed phrase outside the wallet's own setup flow is a thief; any "patriot," "Christian," "tactical," or other politically themed crypto project is a thief; any installer downloaded from a Telegram channel is a thief. Bandcampro did not invent that pattern. It just industrialized it.