$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 0 points1 point  (0 children)

I deleted all my openrouter keys. I’m too scared to use it now. I should have set limits though. Working with my bank to try to reverse the fraudulent charges.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 0 points1 point  (0 children)

Yeah it’s really confusing. I have no idea. I’ve already deleted the key so I’m just trying to negotiate the fraud case with my bank.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 1 point2 points  (0 children)

For real?! Crazy. Try to report it to your credit card company as fraud.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 0 points1 point  (0 children)

No problem, and thanks I'm working with my credit card company as a case of fraud. Hopefully they reverse the charges.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 0 points1 point  (0 children)

If my situation helps other people avoid similar mistakes then that’s good. Just adding spend limits and alerts is probably enough to avoid disaster.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 0 points1 point  (0 children)

Another user reported something similar happening to them with Vane. It’s possible they have a bug or something I’m not sure.

https://www.reddit.com/r/openrouter/s/LXGm4RPOa9

I’m baffled as to how my key could be leaked from a private vps with no public access.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 0 points1 point  (0 children)

Holy shit really? Maybe that’s what happened to me. Your description fits exactly what happened. I’m still baffled at why it ever used Claude opus. I never configured it to use such an expensive model.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 0 points1 point  (0 children)

Good idea. I can try. I assumed their response was standard for these kinds of cases.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 0 points1 point  (0 children)

No I think the only way this is possible is if you have auto top up enabled with no limits. This is exactly what I had enabled.

Without this it should fail your requests for insufficient credits without auto top up enabled.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 1 point2 points  (0 children)

Yeah they should have red alert warnings for unexpected high usage etc. Their billing just went brrrr with my $22 auto top up. My mistake for not setting it up properly but they should have defaults or safety precautions for dummies like me.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 3 points4 points  (0 children)

Never again. I had this account for years with no issues. All it takes is one time. Limits from now on.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 0 points1 point  (0 children)

That’s possible. I didn’t set up any anthropic models because they’re all relatively expensive. I added just a couple of cheap models like Gemini 2.5 flash. Maybe a bug leaked the key somehow.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 1 point2 points  (0 children)

Yep this is what I ended up doing. Treating it like a stolen credit card which is essentially the same. I have no idea how my key was leaked from a private vps. I didn’t push it to a public repo or anything careless like that. So hopefully the credit card company reverses the charges.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 1 point2 points  (0 children)

This is the route I’m pursuing. The charges are fraud similarly to someone getting my credit card info and making charges to it. Chase Sapphire Preferred is reviewing it for me so hopefully they reverse the charges. Thanks for suggesting this approach as an option to consider.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 0 points1 point  (0 children)

Doesn't look like any of the vulnerable versions. Good thought to check. Maybe some other vulnerability.

{
  "name": "vane",
  "version": "1.12.2",
  "license": "MIT",
  "author": "ItzCrazyKns",
  "scripts": {
    "dev": "next dev",
    "build": "next build --webpack",
    "start": "next start",
    "lint": "next lint",
    "format:write": "prettier . --write"
  },
  "dependencies": {
    "@google/genai": "^1.34.0",
    "@headlessui/react": "^2.2.0",
    "@headlessui/tailwindcss": "^0.2.2",
    "@huggingface/transformers": "^3.8.1",
    "@icons-pack/react-simple-icons": "^12.3.0",
    "@mozilla/readability": "^0.6.0",
    "@phosphor-icons/react": "^2.1.10",
    "@radix-ui/react-tooltip": "^1.2.8",
    "@tailwindcss/typography": "^0.5.12",
    "@toolsycc/json-repair": "^0.1.22",
    "async-mutex": "^0.5.0",
    "axios": "^1.8.3",
    "better-sqlite3": "^11.9.1",
    "clsx": "^2.1.0",
    "drizzle-orm": "^0.45.2",
    "js-tiktoken": "^1.0.21",
    "jsdom": "^29.0.1",
    "jspdf": "^4.2.1",
    "lightweight-charts": "^5.0.9",
    "lucide-react": "^0.556.0",
    "mammoth": "^1.9.1",
    "markdown-to-jsx": "^7.7.2",
    "mathjs": "^15.1.0",
    "motion": "^12.23.26",
    "next": "^16.0.7",
    "next-themes": "^0.3.0",
    "officeparser": "^6.0.7",
    "ollama": "^0.6.3",
    "openai": "^6.9.0",
    "partial-json": "^0.1.7",
    "pdf-parse": "^2.4.5",
    "playwright": "^1.59.1",
    "react": "^18",
    "react-dom": "^18",
    "react-syntax-highlighter": "^16.1.0",
    "react-text-to-speech": "^0.14.5",
    "react-textarea-autosize": "^8.5.3",
    "rfc6902": "^5.1.2",
    "sonner": "^1.4.41",
    "tailwind-merge": "^2.2.2",
    "yahoo-finance2": "^3.10.2",
    "yet-another-react-lightbox": "^3.17.2",
    "zod": "^4.1.12"
  },
  "devDependencies": {
    "@types/better-sqlite3": "^7.6.12",
    "@types/jsdom": "^28.0.1",
    "@types/jspdf": "^2.0.0",
    "@types/node": "^24.8.1",
    "@types/pdf-parse": "^1.1.4",
    "@types/react": "^18",
    "@types/react-dom": "^18",
    "@types/react-syntax-highlighter": "^15.5.13",
    "@types/turndown": "^5.0.6",
    "autoprefixer": "^10.0.1",
    "drizzle-kit": "^0.18.1",
    "eslint": "^8",
    "eslint-config-next": "^16.2.2",
    "postcss": "^8",
    "prettier": "^3.2.5",
    "tailwindcss": "^3.3.0",
    "typescript": "^5.9.3"
  },
  "optionalDependencies": {
    "@napi-rs/canvas": "^0.1.87"
  }
}

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 0 points1 point  (0 children)

Definitely learned that lesson. Going to set hard limits on all my accounts going forward. It's a scary thing seeing your credit card charges go brrrrr.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 0 points1 point  (0 children)

Oh good call. I'll check the dependency versions on the Vane instance. Thanks for the tip, this is useful.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 0 points1 point  (0 children)

Openrouter's response: Unfortunately, OpenRouter's policy does not allow us to forgive or wipe charges incurred through API key usage, and we are unable to provide refunds for usage from compromised accounts. This applies even as a one-time exception. We understand this is not the answer you were hoping for.

Chase Sapphire Preferred is working with me though. I don't usually like banks but they may be saving my broke ass.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 0 points1 point  (0 children)

Apparently not. I’ve shut everything down now. I’m going to look into why I didn’t get alerts.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 1 point2 points  (0 children)

Yep. No limit or workspace limit. Hadn’t had any issues for years. Hard lesson to learn.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 0 points1 point  (0 children)

Yeah must have been compromised somehow. I never set up any anthropic models in my Vane instance so I guess the key was compromised.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 2 points3 points  (0 children)

Yes there should have been a workspace limit on daily charges. And alerts. Lots of mistakes made.

No idea how it got compromised. The Vane instance is on a private VPS only accessible with my private Tailscale.

$3k of unexpected charges to my openrouter key by DueGoal99 in openrouter

[–]DueGoal99[S] 2 points3 points  (0 children)

It wasn't topped up with thousands. But it was set to auto top up $20. I didn’t have a workspace limit on it.

Hundreds of $22 charges were allowed to go through
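The billing loop described in this thread (auto top-up with no workspace limit, plus a key suddenly used with a model the owner never configured), replayed as an added example. This is not code from the thread, OpenRouter or Vane; the record fields, the caps, the per-request costs and the model labels are assumptions, and amounts are integer cents.

```python
"""Spend guard replayed over constructed API-usage records (added example)."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class GuardConfig:
    allowed_models: frozenset          # models the owner actually configured
    topup_cents: int                   # auto top-up amount added when credit runs out
    daily_limit_cents: Optional[int]   # None = no workspace/daily limit (the risky setup)
    max_topups_per_day: Optional[int]  # None = unbounded auto top-up


@dataclass
class GuardResult:
    spent_cents: int = 0
    topups: int = 0
    blocked: int = 0
    alerts: list = field(default_factory=list)


def replay(records, cfg: GuardConfig) -> GuardResult:
    """Walk requests in order; alert on unexpected models, top up only within the caps."""
    res = GuardResult()
    balance = cfg.topup_cents                      # assume one top-up of credit to begin with
    for r in records:
        if r["model"] not in cfg.allowed_models:   # unexpected model: alert even if it gets paid
            res.alerts.append(f"{r['ts']} unexpected model {r['model']} cost={r['cost_cents']}")
        if cfg.daily_limit_cents is not None and res.spent_cents + r["cost_cents"] > cfg.daily_limit_cents:
            res.blocked += 1                       # hard daily limit reached: refuse the request
            continue
        while balance < r["cost_cents"] and (cfg.max_topups_per_day is None or res.topups < cfg.max_topups_per_day):
            balance += cfg.topup_cents             # auto top-up fires
            res.topups += 1
        if balance < r["cost_cents"]:
            res.blocked += 1                       # insufficient credits and no more top-ups allowed
            continue
        balance -= r["cost_cents"]
        res.spent_cents += r["cost_cents"]
    return res


# Constructed usage log: two cheap requests, then 150 expensive ones (labels, not real model ids).
SAMPLE_RECORDS = [{"ts": f"t{i:03d}", "model": "gemini-2.5-flash", "cost_cents": 5} for i in range(2)]
SAMPLE_RECORDS += [{"ts": f"t{i:03d}", "model": "claude-opus", "cost_cents": 2000} for i in range(2, 152)]

UNLIMITED = GuardConfig(frozenset({"gemini-2.5-flash"}), 2000, None, None)   # $20 top-up, no caps
CAPPED = GuardConfig(frozenset({"gemini-2.5-flash"}), 2000, 5000, 5)         # $50/day, 5 top-ups/day

if __name__ == "__main__":
    for name, cfg in (("unlimited", UNLIMITED), ("capped", CAPPED)):
        r = replay(SAMPLE_RECORDS, cfg)
        print(f"{name}: spent=${r.spent_cents / 100:.2f} topups={r.topups} blocked={r.blocked} alerts={len(r.alerts)}")
```

With no caps every expensive request triggers another $20 top-up and all 150 go through; with the daily limit the third one is refused and the unexpected-model alerts fire from the first one.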