LLMHorrors

Stories you never want to feel on your own skin

claude-code stripe security api-key

Exposed key led to $2,500 in Stripe fees

Andras Bacsai's avatar
Andras Bacsai Saturday, February 28, 2026
Exposed key led to $2,500 in Stripe fees

Original post

Conclusion: Keep API keys off the frontend and verify auth, rate limits, and abuse protections before launch.

tldr: Exposed keys in a vibe-coded app caused 175 fraudulent $500 charges and about $2,500 in Stripe fees before key rotation.


Andras Bacsai's avatar
Andras Bacsai

Founder of coollabs.io | coolify.io | jean.build | serverlesshorrors.com | llmhorrors.com | fonts.coollabs.io | ❤️ OSS & simplicity | 2 x dad, Entrepreneur.


Follow on Twitter

Suggest changes on GitHub