Sophisticated “LLMjacking” operations have obtained stolen access to DeepSeek models, just weeks after their public release.

LLMjacking, similar to proxyjacking and cryptojacking, involves the illicit use of someone else’s computing resources for one’s own purpose.

The victim, who wishes to remain anonymous, had his AWS credentials compromised, resulting in a $10,000 to $20,000 bill for half a day’s usage.

The victim had cost alerts toggled on in AWS, which allowed him to spot the anonymous activity early and shut off his account immediately.

AWS ultimately bailed out the victim, but the incident highlights the potential risks of LLMjacking on an enterprise level.

“You can imagine what a similar attack would do on an enterprise level, considering what could happen to just a single person,” warns Crystal Morin, who first reported the incident.