Musician charged with $10M streaming royalties fraud using AI and bots
North Carolina musician Michael Smith was indicted for collecting over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music using AI-generated songs streamed by thousands of bots in a massive streaming fraud scheme.
According to court documents, Smith fraudulently inflated music streams on digital platforms between 2017 and 2024 with the assistance of an unnamed music promoter and the Chief Executive Officer of an AI music company.
He acquired hundreds of thousands of songs generated through artificial intelligence (AI) from a coconspirator and uploaded them to these streaming platforms. He then used automated bots to stream the AI-generated tracks billions of times.
To avoid detection by the streaming platforms’ anti-fraud systems, Smith ensured his bots accessed the platforms using virtual private networks (VPNs).
On October 4, 2018, he emailed his coconspirators to say, "in order to not raise any issues with the powers that be we need a TON of content with small amounts of Streams."
He also said, "We need to get a TON of songs fast to make this work around the anti fraud policies these guys are all using now."
4 billion fake streams spread over five years
At the peak of his operation, Smith allegedly employed over 1,000 bot accounts to artificially boost streams across various platforms. On October 20, 2017, Smith emailed himself a financial breakdown outlining how he operated 52 cloud services accounts, each with 20 bot accounts, totaling 1,040 bots.
He also estimated that each account could stream approximately 636 songs per day, resulting in around 661,440 streams daily. With an average royalty rate of half a cent per stream, Smith calculated that the daily earnings would reach $3,307.20, monthly earnings of $99,216, and annual earnings exceeding $1.2 million.
By manipulating streaming data, Smith fraudulently collected more than $10 million in royalty payments after his bots streamed hundreds of thousands of AI-generated songs billions of times. In a February 2024 email, he boasted that his songs generated "over 4 billion streams and $12 million in royalties since 2019."
"Through his brazen fraud scheme, Smith stole millions in royalties that should have been paid to musicians, songwriters, and other rights holders whose songs were legitimately streamed," said U.S. Attorney Damian Williams.
Smith now faces charges of wire fraud, wire fraud conspiracy, and money laundering conspiracy, each carrying a maximum sentence of 20 years in prison.
Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords
Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives
MediumCWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
HighCWE-243 Creation of chroot Jail Without Changing Working Directory
CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface
CWE-213 Exposure of Sensitive Information Due to Incompatible Policies
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-1246 Improper Write Handling in Limited-write Non-Volatile Memories
Free online web security scanner