URGENT: Huge cost increase of Gemini API

Hello,

We were billed for a very large amount of Gemini API usage, but we cannot identify any activity on our side that would explain this traffic. Starting on August 12th, the usage gradually increased, and then on August 17th it skyrocketed and reached nearly $5,000 per day ($40,000 in total).
We have various models in the billing statistics that we have never used. Mostly expensive models!

The only way we were able to stop the charges was by completely disabling the Gemini API.

This looks like it may have been caused by an issue on Gemini’s side rather than our usage. Can you please investigate and provide clarity on what generated these charges?

Thank you for your urgent assistance.
We can provide everything that is needed.


Hi @George_M,

Welcome to the Google AI Forum! :confetti_ball: :confetti_ball:

I apologize for the loss. Since you mentioned that there are various models in the billing statistics, it looks to me like one of the API keys associated with your GCP project might have leaked, and the hacker must have increased usage, which explains the models listed in your billing statistics.

Architectural patterns to prevent such issues in the future:
Establish an OAuth and frequently refreshed API keys pattern (simple), OR completely avoid giving project users access to the API key by using an OAuth + proxy + token + refresh token pattern.

These approaches help you gain user-level tracking with authentication and prevent exposing API keys, thereby completely avoiding leaks.

I hope this helps resolve your issue.
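The proxy side of the pattern suggested in the reply above, as an added example that is not part of the original post or of any Google code: the Gemini API key stays on the server, users present short-lived signed tokens, and the gate enforces a model allow-list and a per-user daily cap before any request is forwarded. The signing key, model names, token lifetime and cap are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json, time
from collections import Counter

# Assumptions (constructed for this example, not taken from the thread):
SIGNING_KEY = b"constructed-demo-signing-key"  # proxy secret, NOT the Gemini API key
ALLOWED_MODELS = {"gemini-2.5-flash"}          # only the models the app really uses
TOKEN_TTL = 900                                # seconds before a user must refresh
DAILY_REQUEST_CAP = 3                          # per-user requests per UTC day
usage = Counter()                              # (user, day) -> forwarded requests

def _sign(body: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest().encode()

def issue_token(user, now=None):
    """Mint a short-lived token after the user has authenticated (e.g. via OAuth)."""
    now = time.time() if now is None else now
    claims = {"sub": user, "exp": int(now) + TOKEN_TTL}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (body + b"." + _sign(body)).decode()

def authorize(token, model, now=None):
    """Return (True, user) if the proxy may forward the call, else (False, reason)."""
    now = time.time() if now is None else now
    try:
        body, sig = token.encode().split(b".")
    except ValueError:
        return False, "malformed token"
    # Constant-time comparison; claims are parsed only after the signature checks out.
    if not hmac.compare_digest(sig, _sign(body)):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] < now:
        return False, "token expired"
    # A model the application never uses is refused before it can be billed.
    if model not in ALLOWED_MODELS:
        return False, "model not allowed"
    key = (claims["sub"], int(now // 86400))
    if usage[key] >= DAILY_REQUEST_CAP:
        return False, "daily cap reached"
    usage[key] += 1  # per-user tracking: every forwarded call is attributable
    return True, claims["sub"]
```

Only after `authorize` succeeds would the proxy attach the real API key and forward the request upstream; the rejection reasons are worth logging with the caller's address so unexpected traffic can be attributed.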

Thank you for the fast response, but to me this does not look like a leaked key. It is too much of a coincidence that there are many reports of this happening around the same time. (Gemini 2.5 Model Bug Causing Massive Bills, Google Support Unresponsive to Core Issue - #11 by Chris_Frederick or [CRITICAL-BUG] Massive Overbilling by Gemini API (Over $70k), Charges Still Increasing by $10k Daily Even After Deleting All API Keys and a few more…)

How can we get a list of remote IP addresses that were accessing our API keys? Or any confirmation about this?

Last month, there was a billing bug in the Gemini API, which was officially announced.

It says the bug will be fixed and reflected in your account within 48 hours, but it has not been fixed yet.

Logan Kilpatrick also shared his situation on X.