Russian Hacker Used Jailbroken Gemini to Steal Crypto Wallets
ID: 1a909ac2-ea6a-50ad-a628-c5b6bd9cdcfd
STIX ID: report--1a909ac2-ea6a-50ad-a628-c5b6bd9cdcfd
Feed Name: Cyber Press
**Executive summary:** TrendAI™ Research exposed a five-year fraud campaign by a Russian-speaking solo operator who leveraged a persistently jailbroken Google Gemini to automate targeted credential stuffing, WordPress administrator account compromises, and distribution of a trojanized cryptocurrency wallet (StellarMonSetup.exe / GoToResolve RAT), draining wallets and harvesting mnemonics. The report includes IOCs (IP, domains, hashes), operational TTPs (API key reuse, CLI-driven memory persistence, proxies, round-robin key rotation), affected victim sectors, and remediation recommendations.
