NEW: Real-Time Usage Tracking for AI Agents — track Claude Code, Kimi, Codex & more. Try it free →

CostGoat Logo

CostGoat

Cloud · Firebase · November 3, 2023

$121,000 — a buggy auto-translate function called a paid API six billion times in two days

Vendor

Firebase

Service

Cloud Translation API

Amount

$121,000 (reported)

Timeframe

~6 billion calls in ~30 hours

Cause

Runaway translate loop

Outcome

Mostly waived

Who's exposed: Anyone on Firebase's paid Blaze plan. GCP budget alerts only email you, they do not cap spend, so a looping function that calls a paid API can bill for a day or more before you notice.

Resolution: After 18 days Google first offered to write off 90 percent, leaving about $13,000 the bootstrapped poster could not pay, so they asked for a payment plan. GCP eventually waived essentially all of the ~$122,000, but the roughly $1,000 to $1,700 already charged to the card before it bounced was never refunded. The poster migrated off Firebase to MongoDB and AWS regardless.

Self-reported by the poster across the thread and a detailed 18-day update. No billing screenshots, but the poster describes the card charges, Google's waiver, and a full migration plan, and a Firebase staffer engaged in the comments. r/Firebase (by u/Glamiris)

What happened

The poster runs Glamiris, a bootstrapped B2B SaaS for salons and barbershops, and had been on Firebase for almost three years with a bill under $50 a month. Just after launching the beta, the team deployed a cloud function to auto-translate some of their data. Bad code combined with bad production data created a race condition, and the function hammered the Google Translate API around 6 billion times in roughly 30 hours, about 17,000 calls a second. Google charged the card $200, then $500, then tried to charge $121,000, which bounced, so billing was suspended and the account locked for identity verification. The total came to about $122,900. A budget alert existed, but the whole spike ran up in about 30 hours and the poster did not check email for a day. The young app lost its first customers across the US, Canada, and Europe during the fallout.

Root cause

A trigger-driven cloud function wrote translated data back in a way that kept re-firing under a race condition, so it looped and called the paid Translate API on every pass. Firebase's Blaze plan has no hard spend cap, and GCP budget alerts only notify, so nothing stopped the loop automatically. Local emulator tests did not reproduce it because the team lacked the production data that triggered the bad path, so the bug reached prod uncaught.

How to avoid it

Guard trigger-driven functions so a function's own writes cannot re-fire it, and set a low max-instances limit. A function that writes back to the collection that triggers it can loop forever; a recursion guard and an instance cap bound it.

Meter paid external API calls with a counter and a daily ceiling per function. The poster's own fix, a database counter that halts calls past a daily limit, caps the blast radius even when the code is buggy.

Wire a budget threshold to auto-disable billing, not just email you. A one-day spike outran the alert here; a Pub/Sub function that kills billing at a threshold stops it while you sleep.

CostGoat watches your Firebase bills, so a surprise like this reaches you as an alert, not an invoice.

More Bill Shock stories

January 15, 2025

$450,000 — a compromised key ran up 19 billion translations on Google Cloud

February 25, 2026

$82,314.44 — a stolen Gemini key turned a small monthly bill into a bankruptcy threat in 48 hours

June 7, 2024

$96,000/wk — artists fled Meta's AI policies to Cara, and its serverless bill scaled as fast as its users

August 28, 2022

$213,000 — a hacked account ran Lambda in six regions overnight and support first said it was on you

← All Bill Shock stories

AI Pricing

Gemini API PricingClaude API PricingGoogle Veo PricingAI Cost CalculatorsReplicate API PricingOpenRouter API PricingOpenRouter Free Models
DownloadsPricingDashboardContactIssuesAffiliatesTermsPrivacy

© 2026 CostGoat. All rights reserved.

Made by Functioncraft: Redis GUI Client · SSH GUI Client

Affiliate disclosure: Some links earn CostGoat a commission or credit when you sign up — no extra cost to you.