
Hackers Profit from LLMjacking by Selling Stolen AI Access for $30 per Month


LLMjacking attacks targeting DeepSeek have raised concerns in the cybersecurity community, as attackers abuse AI models and rack up massive cloud costs. According to the Sysdig Threat Research Team (TRT), LLMjacking has evolved rapidly since its discovery in May 2024, with attackers quickly adapting to new Large Language Models (LLMs) like DeepSeek.

Attackers actively compromise accounts so they can use expensive cloud-based LLM services without paying, and this now extends to exploiting DeepSeek API keys and monetizing the stolen access. The TRT’s updated findings highlight how LLMjacking has become a well-established attack vector, with online communities sharing tools and techniques for carrying out these attacks.

The monetization of LLMjacking has also gained traction, with reports of LLM access being sold through OpenAI Reverse Proxies (ORPs) for a monthly fee. The high cost of LLM services drives attackers to seek unauthorized access through stolen accounts. In one instance, nearly $50,000 in costs were generated within just 4.5 days, with certain models proving to be the most expensive.

The scale of resource exploitation in LLMjacking attacks is staggering, with observed ORPs exceeding two billion total tokens. Legitimate account holders whose credentials have been stolen are often the victims of these attacks. ORP servers acting as reverse proxies for various LLMs enable attackers to hide their source effectively, using stolen API keys from providers like OpenAI, Google AI, and Mistral AI to provide LLM access to others.

Online communities play a significant role in LLMjacking, with platforms like 4chan and Discord facilitating the sharing of LLM access through ORPs. The use of platforms like Rentry.co for sharing tools and services further complicates the detection of these attacks. Customized ORPs are commonly used to access stolen accounts, with attackers targeting vulnerable services and using verification scripts to identify credentials for accessing machine learning services.

To combat LLMjacking, cybersecurity experts recommend securing access keys and implementing strong identity management practices. Best practices include avoiding hardcoding credentials, using temporary credentials, regularly rotating access keys, and monitoring for exposed credentials and suspicious account behavior. By proactively addressing these vulnerabilities, organizations can mitigate the risk of falling victim to LLMjacking attacks.
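The monitoring for suspicious account behavior recommended above can be run per API key against that key's own history. The following is an added example, not code from Sysdig or the original article; the record layout, key names, model names and the `spike_factor` threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed records (day, key_id, model, source_ip, tokens). The layout is an
# assumption for this example, not any provider's real export format.
SAMPLE_USAGE = [
    ("2025-01-01", "key-app", "model-small", "10.0.0.5", 40_000),
    ("2025-01-02", "key-app", "model-small", "10.0.0.5", 42_000),
    ("2025-01-03", "key-app", "model-small", "10.0.0.5", 41_000),
    ("2025-01-01", "key-ci", "model-small", "10.0.0.9", 5_000),
    ("2025-01-02", "key-ci", "model-small", "10.0.0.9", 6_000),
    ("2025-01-03", "key-ci", "model-small", "10.0.0.9", 5_500),
    ("2025-01-03", "key-ci", "model-large", "203.0.113.7", 900_000),
    ("2025-01-03", "key-ci", "model-large", "198.51.100.20", 750_000),
]

def flag_suspicious_keys(records, today, spike_factor=10):
    """Return {key_id: [reasons]} where usage on `today` departs from the
    key's own earlier days: token spike, unseen model, unseen source IP."""
    tokens = defaultdict(lambda: defaultdict(int))  # key -> day -> total tokens
    models = defaultdict(lambda: defaultdict(set))  # key -> day -> models used
    ips = defaultdict(lambda: defaultdict(set))     # key -> day -> source IPs
    for day, key, model, ip, count in records:
        tokens[key][day] += count
        models[key][day].add(model)
        ips[key][day].add(ip)

    findings = {}
    for key, per_day in tokens.items():
        past = [d for d in per_day if d < today]  # ISO dates sort as strings
        if today not in per_day or not past:
            continue  # nothing to compare; new keys need a separate review
        reasons = []
        baseline = median(per_day[d] for d in past)
        if per_day[today] > spike_factor * baseline:
            reasons.append("token spike")
        seen_models = set().union(*(models[key][d] for d in past))
        seen_ips = set().union(*(ips[key][d] for d in past))
        if models[key][today] - seen_models:
            reasons.append("new model")
        if ips[key][today] - seen_ips:
            reasons.append("new source IP")
        if reasons:
            findings[key] = reasons
    return findings

if __name__ == "__main__":
    for key, reasons in flag_suspicious_keys(SAMPLE_USAGE, "2025-01-03").items():
        print(key, reasons)
```

A flagged key is a candidate for immediate rotation, which ties this check to the key-rotation practice listed above.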
