
Reverse engineering Claude Code revealed two cache bugs that could silently increase API costs by 10-20x.

According to 1M AI News monitoring, a developer used Ghidra, MITM proxy, and radare2 to reverse engineer the 228MB binary file of the standalone installation of Claude Code, discovering two independent cache bugs that could increase API costs by 10-20 times without the user's knowledge. The related analysis has been submitted to GitHub (issue #40524), marked as a regression bug by Anthropic, and assigned for resolution.

The first bug exists in a custom Bun runtime used by the standalone installation. On every API request, the runtime searches the request body for a billing identifier string and replaces it, but the replacement targets only the first match in the body. If the conversation history happens to contain this string (for example, when discussing Claude Code's internal billing mechanism), the replacement hits the message content instead of the system prompt, causing a full cache rebuild on every request. A temporary workaround is to run Claude Code with npx @anthropic-ai/claude-code, as the npm package version does not include this replacement logic.
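
The first-match replacement described above, next to a replacement scoped to the system prompt, as an added example that is not code from Claude Code or from the developer's analysis. The placeholder string, the billing id value and the request layout (messages serialized before system) are assumptions made for illustration.

```javascript
// Added illustration. PLACEHOLDER and the request layout are constructed,
// not Claude Code's real values.
const PLACEHOLDER = "__BILLING_ID_PLACEHOLDER__"; // hypothetical marker string

// Constructed request: the history (serialized first) happens to quote the marker.
function sampleRequest() {
  return {
    model: "example-model",
    messages: [
      { role: "user", content: `Why does the body contain ${PLACEHOLDER}?` },
      { role: "assistant", content: "It is swapped out before sending." },
    ],
    system: [{ type: "text", text: `billing: ${PLACEHOLDER}; You are a coding assistant.` }],
  };
}

// Buggy pattern: a string replace on the serialized body rewrites only the first match.
function stampFirstMatch(request, billingId) {
  const wire = JSON.stringify(request).replace(PLACEHOLDER, billingId);
  return JSON.parse(wire);
}

// Scoped pattern: rewrite the marker only inside system blocks, never in messages.
function stampSystemOnly(request, billingId) {
  const system = request.system.map((block) =>
    block.type === "text"
      ? { ...block, text: block.text.split(PLACEHOLDER).join(billingId) }
      : block
  );
  return { ...request, system };
}

// Report what a stamping strategy did to the two regions of the request.
function audit(original, stamped) {
  return {
    historyUnchanged:
      JSON.stringify(original.messages) === JSON.stringify(stamped.messages),
    systemStamped: !JSON.stringify(stamped.system).includes(PLACEHOLDER),
  };
}

const original = sampleRequest();
console.log("first-match:", audit(original, stampFirstMatch(original, "id-123")));
console.log("system-only:", audit(original, stampSystemOnly(original, "id-123")));
```

With the first-match version the history is altered and the system prompt still carries the unreplaced marker; the scoped version leaves the history byte-identical.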

The second bug, present since v2.1.69, affects all users who resume a session using --resume or --continue. When a session is resumed, system metadata is injected at a different point than in a new session, resulting in a completely mismatched cache prefix, causing the entire conversation history to be read from the cache instead of being incrementally written. Subsequent rounds proceed normally, but the resume operation itself has already incurred significant additional cost, and there is currently no external mitigation available.

The developer estimates that for a long conversation of about 500,000 tokens, Bug 1 incurs an additional cost of approximately $0.04 per request, Bug 2 incurs an additional cost of about $0.15 per resume, and the combined cost of a single request can exceed $0.20. Previously, Anthropic engineer Lydia Hallie confirmed that the speed at which users reach the usage limit was "significantly faster than expected," with many Reddit users in the comments section speculating that these two cache bugs could be fundamental reasons for abnormal usage consumption.
