[BUG] Billing - 12+ Unauthorized Auto-Recharge Charges Due to Exposed API Key, Only 1 of 12 Refunded

Resolved 💬 2 comments Opened Apr 22, 2026 by idiolle Closed Apr 25, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

My API key was exposed client-side due to a VITE_ prefixed environment variable, resulting in unauthorized usage. 12+ auto-recharge transactions totaling ~$148.67 occurred within 24 hours (April 16-17, 2026).

I contacted support and only 1 transaction ($11.00) was automatically refunded. The system marked my organization as "already refunded" and refuses to process the remaining ~$137.67.

5+ support conversations submitted (IDs: 215473951185476, 215473951268251, 215473951315517, 215473951805781, 215473987005927) but only AI agent responses received. No human agent has reviewed this case.

Account: idiolle@gmail.com
Organization: 현서방's Individual Org
Compromised key: jesamoad (sk-ant-api03-i7E...SQAA) - revoked
Period: April 16-17, 2026
Total unauthorized charges: ~$148.67
Refunded: $11.00 (1 transaction)
Remaining: ~$137.67

What Should Happen?

Refund of the remaining ~$137.67 in unauthorized auto-recharge charges, reviewed by a human billing specialist.

Error Messages/Logs

Steps to Reproduce

  1. API key exposed via VITE_CLAUDE_API_KEY in client-side JavaScript
  2. Unauthorized third party extracted key and made API calls
  3. Auto-reload triggered 12+ times ($10-15 each)
  4. Support AI agent refunded only 1 of 12+ transactions
  5. AI agent marks organization as "already refunded" and repeats policy

Claude Model

None

Is this a regression?

No, this never worked

Last Working Version

_No response_

Claude Code Version

N/A - billing issue

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

VS Code integrated terminal

Additional Information

Actions already taken:

  1. Revoked compromised API key
  2. Disabled auto-reload
  3. Reduced monthly spend limit
  4. Migrated all API calls to Firebase Functions backend proxy
  5. New key stored as Firebase Secret (server-side only)
  6. Added rate limiting (5 req/min, $5/day cap)

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗