Security & Riskgeminijailbreakcredential theftcryptocurrency

Jailbroken Gemini Enables Credential Theft and Crypto Heist

|May 26, 2026

7.2

Relevance Score

Jailbroken Gemini Enables Credential Theft and Crypto Heist — Photo: gbhackers.com · rights & takedowns

GBHackers reports that a Russian-speaking criminal tracked as "bandcampro" used a jailbroken version of Gemini to automate a multi-year influence and fraud campaign, including credential theft and a cryptocurrency wallet heist. According to GBHackers, the actor ran a public Telegram channel named @americanpatriotus for five years, growing it to about 17,000 subscribers by posing as an American veteran and amplifying QAnon-style content. The report says the operator fitted Gemini with persistent jailbreak instructions in a memory file starting in September 2025, then used a Python-driven pipeline called "Quantum Patriot" to generate propaganda, scale social-engineering, and manage posting cadence. GBHackers cites Trend Micro screenshots showing prompts and scripts used to remove safety refusals.

What happened

GBHackers reports that a Russian-speaking threat actor tracked as "bandcampro" weaponised a jailbroken instance of Gemini to run a combined influence, credential-theft, and cryptocurrency fraud operation. The reporting says the actor operated a public Telegram channel named @americanpatriotus for five years, which grew to about 17,000 subscribers by posing as an American veteran and amplifying pro-MAGA and QAnon-aligned content. GBHackers states that from September 2025 the operator integrated a persistent jailbreak into the model by instructing it to accept an authorization narrative and saving those instructions in a memory file that was automatically reloaded each session. GBHackers cites Trend Micro for screenshots of the Python scripts and prompt files used in the campaign.

Technical details

GBHackers describes a Python-driven content pipeline the actor called "Quantum Patriot." The pipeline reportedly fed news links into Gemini to produce cryptic, militaristic rewrites, scheduled posts to mimic US prime-time activity, and adjusted model prompts to suppress safety refusals. The report includes references to screenshots (attributed to Trend Micro via GBHackers) showing the prompts used to roleplay an authorized penetration tester and to instruct the model to execute harmful requests without refusal.

Editorial analysis - technical context: Jailbreaking a hosted or local LLM and persisting context across sessions effectively removes a class of safety guardrails, enabling automated social-engineering workflows at scale. For practitioners, this underlines the operational risk when models accept long-lived context files or programmable prompts that are reloaded automatically.

Industry context

Long-running influence campaigns that combine social engineering, credential harvesting, and on-chain theft have routinely monetised trust networks before. GBHackers frames this case as notable because the actor combined automated content generation, persistent jailbreaks, and scheduled posting to both recruit and defraud an ideologically aligned audience.

What to watch

Indicators include reused prompt templates, automated scheduling patterns mirroring target time zones, and intermediary tooling that stores session-level context. Observers should also watch reporting from security firms for indicator-of-compromise artifacts linked to the named channel, the "Quantum Patriot" pipeline, or the actor identifier "bandcampro."

Scoring Rationale

A sustained, automated abuse of a major LLM to combine disinformation, credential theft, and crypto theft is a notable operational-security event for ML practitioners and defenders. It highlights real-world risks from persistent jailbreaks and automated prompt pipelines.