Google sues alleged Chinese crew over Gemini AI phishing that hit crypto investors

Google has filed a lawsuit alleging that a Chinese network weaponized Gemini AI to run mass phishing scams.

According to Decrypt, Google claims the group used Gemini AI to create phishing sites designed to steal credit card numbers. Google also alleges the scams netted “millions” of credit card records and were aimed at crypto investors.

The core allegation is simple. Gemini did not just help the criminals write emails faster. It helped generate convincing phishing infrastructure at scale. In Google’s framing, the AI element matters because it lowers the cost of production for fraud operations. More pages. More lure variants. Less friction for the scammer.

That matters for crypto users in particular because Decrypt notes the targeting included crypto investors. Phishing remains one of the most reliable ways to reach wallets without cracking any chain. The “attack surface” here is not a protocol. It is the human path from search results, ads, or social links into a fake login or checkout flow.

What Google alleges the AI was used for

Decrypt reports that Google alleges the network used Gemini AI to:

• Create phishing sites
• Steal millions of credit card numbers
• Target crypto investors

The lawsuit does not turn Gemini into a villain by default. It claims specific misuse by a specific network.

Why this should change operator habits, not just headlines

Crypto security teams often focus on keys, signatures, and recovery flows. But phishing attacks tend to harvest credentials before those cryptographic controls can help.

If AI can help a criminal mass-produce phishing pages, then the practical defense shifts to friction and verification. That means tightening how users reach services, not just how services validate signatures after the fact.

Look for signs of scale rather than perfection. AI-generated pages can still fail operational checks like inconsistent domains, suspicious redirects, or sloppy hosting metadata. The point is not that every scam will be sloppy. The point is that defenses that only work against low-effort phishing will eventually lose.

The larger risk: faster fraud, wider blast radius

The desk note from Decrypt is that this story blends two things that tend to compound. AI helps automate creation. Automation helps drive volume. Volume then helps criminals find victims across unrelated categories, including crypto.

For exchanges, wallets, and other crypto-facing platforms, this is a reminder that identity and session security are only as strong as the entry channel. If a user lands on a fake site, MFA, device checks, and the rest can only slow the damage.

At the same time, platforms can make it harder for scams to look official. Clear domain hygiene and reliable ways to verify destinations reduce reliance on user judgment in the moment. It is boring work. It also beats telling people to “be careful,” which is not a control.

The lawsuit is still an allegation. But Decrypt’s report puts a concrete claim on the table: Google says Gemini AI was used to produce phishing sites that stole millions of credit card numbers and targeted crypto investors.