Cloud · Firebase · November 3, 2023
$121,000 — a buggy auto-translate function called a paid API six billion times in two days
Vendor
Firebase
Service
Cloud Translation API
Amount
$121,000 (reported)
Timeframe
~6 billion calls in ~30 hours
Cause
Runaway translate loop
Outcome
Mostly waived
Who's exposed: Anyone on Firebase's paid Blaze plan. GCP budget alerts only email you, they do not cap spend, so a looping function that calls a paid API can bill for a day or more before you notice.
Resolution: After 18 days Google first offered to write off 90 percent, leaving about $13,000 the bootstrapped poster could not pay, so they asked for a payment plan. GCP eventually waived essentially all of the ~$122,000, but the roughly $1,000 to $1,700 already charged to the card before it bounced was never refunded. The poster migrated off Firebase to MongoDB and AWS regardless.
Self-reported by the poster across the thread and a detailed 18-day update. No billing screenshots, but the poster describes the card charges, Google's waiver, and a full migration plan, and a Firebase staffer engaged in the comments. r/Firebase (by u/Glamiris)
What happened
The poster runs Glamiris, a bootstrapped B2B SaaS for salons and barbershops, and had been on Firebase for almost three years with a bill under $50 a month. Just after launching the beta, the team deployed a cloud function to auto-translate some of their data. Bad code combined with bad production data created a race condition, and the function hammered the Google Translate API around 6 billion times in roughly 30 hours, about 17,000 calls a second. Google charged the card $200, then $500, then tried to charge $121,000, which bounced, so billing was suspended and the account locked for identity verification. The total came to about $122,900. A budget alert existed, but the whole spike ran up in about 30 hours and the poster did not check email for a day. The young app lost its first customers across the US, Canada, and Europe during the fallout.
Root cause
A trigger-driven cloud function wrote translated data back in a way that kept re-firing under a race condition, so it looped and called the paid Translate API on every pass. Firebase's Blaze plan has no hard spend cap, and GCP budget alerts only notify, so nothing stopped the loop automatically. Local emulator tests did not reproduce it because the team lacked the production data that triggered the bad path, so the bug reached prod uncaught.
How to avoid it
•
Guard trigger-driven functions so a function's own writes cannot re-fire it, and set a low max-instances limit. A function that writes back to the collection that triggers it can loop forever; a recursion guard and an instance cap bound it.
•
Meter paid external API calls with a counter and a daily ceiling per function. The poster's own fix, a database counter that halts calls past a daily limit, caps the blast radius even when the code is buggy.
•
Wire a budget threshold to auto-disable billing, not just email you. A one-day spike outran the alert here; a Pub/Sub function that kills billing at a threshold stops it while you sleep.
CostGoat watches your Firebase bills, so a surprise like this reaches you as an alert, not an invoice.
More Bill Shock stories
January 15, 2025
$450,000 — a compromised key ran up 19 billion translations on Google Cloud
February 25, 2026
$82,314.44 — a stolen Gemini key turned a small monthly bill into a bankruptcy threat in 48 hours
June 7, 2024
$96,000/wk — artists fled Meta's AI policies to Cara, and its serverless bill scaled as fast as its users
August 28, 2022
