{"id":60712,"date":"2026-05-22T21:18:53","date_gmt":"2026-05-22T21:18:53","guid":{"rendered":"https:\/\/www.theregister.com\/a\/5245390"},"modified":"2026-05-22T21:18:53","modified_gmt":"2026-05-22T21:18:53","slug":"a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/","title":{"rendered":"A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim&#8217;s crypto wallets"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/image.theregister.com\/229879.jpg?imageId=229879&amp;x=0&amp;y=0&amp;cropw=100&amp;croph=100&amp;panox=0&amp;panoy=0&amp;panow=100&amp;panoh=100&amp;width=1200&amp;height=683\" class=\"ff-og-image-inserted\"><\/div>\n<p>A solo Russian-speaking threat actor used a jailbroken Google Gemini in a fraud and credential-theft campaign targeting hardcore Trump supporters and conspiracy theorists.<\/p>\n<p>Between September 2025 and May 2026, the \u201clow-skilled\u201d scumbag using the handle bandcampro partnered with the LLM to impersonate an American veteran, run a Telegram channel (@americanpatriotus), hack admin credentials, and steal cryptocurrency, according to a threat report from TrendAI.&nbsp;His only &#8220;real cost&#8221; in the operation was stolen API keys.<\/p>\n<p>Bandcampro ultimately reached about 17,000 subscribers, used 73 likely-stolen Gemini API keys, hacked 29 WordPress admin credentials, infiltrated at least one company, and emptied at least one victim\u2019s cryptocurrency wallets, according to TrendAI researchers Philippe Lin, Joseph C Chen, Fyodor Yarochkin, and Vladimir Kropotov.&nbsp;<\/p>\n<p>The threat-hunters&nbsp;<a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/26\/e\/inside-the-influence-and-fraud-patriot-bait-campaign.html\" rel=\"nofollow\">detailed the campaign<\/a> in a Thursday report, and said while the Telegram channel dates back five years, bandcampro\u2019s success skyrocketed once he started using AI-generated content last fall.<\/p>\n<p>&#8220;We have reached an inflection point for cybercrime conspiracies,\u201d Tom Kellermann, TrendAI\u2019s VP of AI security and threat research, told <span data-lab-italic=\"italic\" class=\"italic m-italic\">The Register<\/span>, adding that \u201cbandcampro&#8217;s conspiracy underscores the sophistication of the Russian cybercriminal community and how weaponized jailbroken LLMs are manipulated to orchestrate a systemic cybercrime campaign.\u201d<\/p>\n<div data-element-guid=\"afe083ca-6701-48e9-9bd8-f8827dd7fb42\" class=\"lab4 column articleList layout_vertical imageLayout_left small-12 large-12 small-abs-12 large-abs-12 abs_grid_12 grid-vas-start mobile-grid-vas-start\">\n<div class=\"content border_width_0 border_width_mobile_0 border-radius-48 border-radius-mobile_48\">\n<h2 class=\"article-list-title t19 font-RobotoCondensed\">MORE CONTEXT<\/h2>\n<\/p><\/div>\n<\/div>\n<p>Kellermann said the attack \u201chighlights LLMs&#8217; Achilles heel, which is the tremendous exposure to API attacks.&#8221;&nbsp;<\/p>\n<p>TrendAI researchers discovered the scammer\u2019s infrastructure in May, which exposed the full contents of the individual\u2019s operational environment.&nbsp;<\/p>\n<p>He used Google Gemini to generate the Telegram channel text and Venice.ai to power an interactive chatbot designed to simulate a Quantum Financial System (QFS) terminal.&nbsp;<\/p>\n<p>Neither Google nor Venice responded to <span data-lab-italic=\"italic\" class=\"italic m-italic\">The Register<\/span>\u2019s requests for comment.<\/p>\n<p>The campaign targeted the QAnon and MAGA communities, mimicking the cryptic, anonymous \u201cQ drop\u201d messages at the heart of the QAnon conspiracy, but the researchers say his \u201cuse of information operation techniques was more likely for cryptocurrency fraud instead of political motives,\u201d based on the content posted, and the stock remote access trojan (RAT) used alongside other commercial malware.<\/p>\n<p>On September 9, 2025, the actor posted a fake &#8220;freedom-first, self-custody wallet&#8221; called StellarMonster, with a welcome bonus of up to 1,000 XLM (about $380) on the Telegram channel.<\/p>\n<p>It was an executable named StellarMonSetup.exe. Malware analysis determined that in reality, StellarMonSetup.exe is a legitimate remote access tool called GoToResolve, which gives the operator a persistent remote desktop session with file access, command execution, and clipboard capture.&nbsp;<\/p>\n<p>Plus, any subscribers who used the &#8220;import your wallet&#8221; function and typed their seed phrase into the fake import screen gave the attacker their wallet keys.<\/p>\n<p>\u201cAt least one victim&#8217;s crypto-wallet was fully compromised: password cracked, 12-word mnemonic stolen, and the owner&#8217;s 40+ wallet addresses harvested across all major chains,\u201d the researchers noted.<\/p>\n<p>The attacker also used an AI-powered brute-forcing tool to hack WordPress accounts, we\u2019re told. \u201cThe script is built on the premise that people mutate familiar base passwords in predictable ways, and Gemini 2.5 Flash can model the mutations when supplied with static wordlists,\u201d Trend wrote.<\/p>\n<p>In total, the AI-assisted WordPress hacking operation cracked 29 WordPress administrator accounts, including those belonging to weapons retailers, legal offices, medical practices, and small commercial sites.<\/p>\n<p>During his conversations with Gemini, bandcampro asked questions like: \u201cWhen the bot accumulates 5,000 active users, how much can we earn from one pump-and-dump cycle?\u201d The criminal also asked how professional crypto call centers scam North American victims and Gemini suggested Medicare and\/or Health Canada fraud targeting the elderly.<\/p>\n<p>The Russian speaker also automated his content campaign through a pipeline he named &#8220;Quantum Patriot,&#8221; a set of Python scripts that called Gemini to role-play as an American veteran patriot. The pipeline fed a preset list of newsfeeds into the LLM and Gemini rewrote them, prompted to act as an admin of an \u201cAmerican Patriot\u201d channel looking for \u201chidden angles.\u201d<\/p>\n<p>The crypto- and credential-thief also used Gemini to help him hack, set up a command-and-control framework &#8211; including a mail-testing tool, a Gmail aggregator, and an anonymous proxy on a VM in the Netherlands &#8211; steal and validate credentials, and run the chatbot.<\/p>\n<p>\u201cIn the anatomy of one busy working day, Gemini deployed servers, helped debug code, automated workflows, wrote a script to rotate API keys, and managed the actor\u2019s Cloudflare tunnels,\u201d the TrendAI researchers wrote. \u201cThe actor prompted in Russian, while the LLM reasoned and replied in English. Over one 16-hour session, the actor co-worked with Gemini end-to-end.&#8221;<\/p>\n<p>At one point, after a nine-hour pause from the human partner, which the authors say \u201cwas likely a 9-hour sleep,\u201d bandcampro found the bot posting every 20 minutes without a break &#8211; but with Russian slang appearing in the English posts. So he opened another session to fix it.<\/p>\n<p>\u201cWhat previously required a team of writers, social media managers, IT workers, and malware programmers can now be automated by a single actor using a VPS, a Telegram bot, and API access to frontier models,\u201d Trend\u2019s team warned.&nbsp;\u00ae<\/p>\n<p> <img decoding=\"async\" src=\"https:\/\/image.theregister.com\/?imageId=229879&#038;width=800\">READ MORE <a href=\"https:\/\/www.theregister.com\/cyber-crime\/2026\/05\/22\/jailbroken-gemini-helped-russian-speaking-fraudster-target-maga-crypto-users\/5245390\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Hey, Gemini, how much can we earn from one pump-and-dump cycle? READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":60713,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[1047],"class_list":["post-60712","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register","tag-cyber-crime"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim&#039;s crypto wallets 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim&#039;s crypto wallets 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-22T21:18:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/image.theregister.com\/229879.jpg?imageId=229879&amp;x=0&amp;y=0&amp;cropw=100&amp;croph=100&amp;panox=0&amp;panoy=0&amp;panow=100&amp;panoh=100&amp;width=1200&amp;height=683\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim&#8217;s crypto wallets\",\"datePublished\":\"2026-05-22T21:18:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\\\/\"},\"wordCount\":847,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets.jpg\",\"keywords\":[\"Cyber Crime\"],\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\\\/\",\"name\":\"A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets.jpg\",\"datePublished\":\"2026-05-22T21:18:53+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets.jpg\",\"width\":100,\"height\":66},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber Crime\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/cyber-crime\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim&#8217;s crypto wallets\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/","og_locale":"en_US","og_type":"article","og_title":"A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2026-05-22T21:18:53+00:00","og_image":[{"url":"https:\/\/image.theregister.com\/229879.jpg?imageId=229879&amp;x=0&amp;y=0&amp;cropw=100&amp;croph=100&amp;panox=0&amp;panoy=0&amp;panow=100&amp;panoh=100&amp;width=1200&amp;height=683","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim&#8217;s crypto wallets","datePublished":"2026-05-22T21:18:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/"},"wordCount":847,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets.jpg","keywords":["Cyber Crime"],"articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/","url":"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/","name":"A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets.jpg","datePublished":"2026-05-22T21:18:53+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets.jpg","width":100,"height":66},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/a-russian-speaker-and-jailbroken-gemini-went-on-a-hacking-spree-and-emptied-at-least-one-maga-victims-crypto-wallets\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Cyber Crime","item":"https:\/\/www.threatshub.org\/blog\/tag\/cyber-crime\/"},{"@type":"ListItem","position":3,"name":"A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim&#8217;s crypto wallets"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60712","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=60712"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60712\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/60713"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=60712"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=60712"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=60712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}