Ask HN: Startup launch destroyed by Bolt.new's AI. 10M tokens gone, no response

I'm documenting a catastrophic, multi-faceted failure by Bolt.new that spans technical negligence, professional non-disclosure, and executive abandonment. It's a case study in exhausting every good-faith channel only to be met with silence, forcing a total rebuild.

TL;DR: Bolt.new's AI burned 10M tokens on unauthorized changes. They failed to disclose a Netlify deployment, leading to a Vercel launch riddled with ghost files that broke all payments. After launch, I sent a good-faith request for a refund and token restoration to fix it. Six days later, they replied with a dismissive email asking if I "still needed assistance." I then sent a formal legal demand and contacted executives on LinkedIn—total silence. I've had to rebuild the entire application from scratch. All prepaid resources are gone.

The Full Timeline & Breakdown:

The AI's Unauthorized & Reckless Spiral: The core failure began with the Bolt AI making unauthorized, destructive changes. It removed critical systems like my FingerprintJS security layer without asking. When I pointed out new errors this created, it claimed "no error was being returned," yet falsely said it "fixed" the issue multiple times—wasting tokens each time. The AI would then ask to "put something back" it had removed; I explicitly said "no" to avoid more token waste, instructing it to leave the code for me to handle later. It ignored these direct instructions, proceeding with unauthorized "fixes" that created the very security and functionality errors that hadn't existed before its intervention. This created a vicious cycle of token burn for problems it introduced. The Non-Disclosure & Launch Catastrophe: The team failed to disclose they had deployed components to Netlify. The launched app (on Vercel) contained ghost files with broken calls to these undisclosed Netlify functions, killing all payment functionality. Good-Faith Effort to Resolve: Seeing the broken launch, I immediately sent a detailed request for a refund and restoration of my 10M tokens to make it right—no legal threats, just a fix. The Dismissive Corporate Response: Six days later, their only reply was a generic email treating it like a simple support ticket: "So sorry for the delay... if you still need assistance, just reply..." Escalation & Total Executive Silence: I then sent a formal pre-litigation demand and personally messaged the CEO, COO, and founders on LinkedIn. Not a single response from any executive. The Forced Rebuild & Continued Damage: With no path to resolution, I've had to rebuild the entire application from the ground up. My launch window is destroyed, and the 2,000+ users who visited couldn't pay. Evidence: Full dossier with token burn proof, ghost file errors, my good-faith request, their dismissive email, my legal demand, and LinkedIn outreach.

https://drive.proton.me/urls/9GBA9V5ZTR#3gsRNIM7MfQ8

My questions for HN:

When a platform's negligence forces a total rebuild, what recourse exists beyond legal action, which they ignore? Is executive silence via LinkedIn a common tactic for startups facing serious operational failures? For those relying on similar platforms, how do you preemptively guard against this level of systemic and communicative collapse? This is a story of professional duty breached at every level: technical, communicative, and executive. I am filing complaints with the FTC and CA AG, but the community's insight is critical.

6 points | by therealcapi 1 day ago

3 comments

  • nijave 1 day ago
    What did the terms of service say you agreed to? That'd be a good starting point to understand their liability, if any, and contractual obligations
    [-]
    • OsrsNeedsf2P 1 day ago
      OP should ask the LLM they used to write the post about what their chances are in court, given they already went all in on LLMs building the rest of the stack. Here's the ToS[0] btw

      [0] https://stackblitz.com/terms-of-service

      [-]
      • therealcapi 1 day ago
        . TOS Cannot Legalize Negligence: No terms of service can shield a company from liability for its own gross negligence, fraudulent misrepresentation, or failure to deliver the core service paid for. These are well-established exceptions to limitation of liability clauses.

        2. Their Breach is the Issue: This isn't about a bug or downtime. It's about their platform making unauthorized, destructive changes that consumed all prepaid resources and delivered a fundamentally broken product—a clear breach of the core service agreement itself.

        3. The Real Legal Question: The question isn't if I read the TOS. It's whether their TOS can legally excuse systematically destroying a customer's project and then ignoring it. I'm comfortable letting the FTC, the CA Attorney General, and potentially a court answer that."

  • beanjuiceII 1 day ago
    sounds like a i spilled the hot coffee on my privates now i'm going to sue situation
    [-]
    • lumirth 1 day ago
      obligatory reminder that mcdonald’s was, in fact, found to be at fault in that case. they were genuinely serving coffee at 3rd-degree-burn-level temperatures. the person who spilled the coffee was an elderly woman and spent 8 days in the hospital, needing skin grafts. it has since been used as an example of frivolous litigation, which i think is a little perverse, given the details of the case.

      link: https://en.wikipedia.org/wiki/Liebeck_v._McDonald's_Restaura...

  • bigyabai 1 day ago
    > Is executive silence via LinkedIn a common tactic for startups facing serious operational failures?

    What do you think?

    [-]
    • therealcapi 1 day ago
      It's a fair question. In situations involving formal legal demands and regulatory complaints, executive silence on social channels isn't unusual—it's a deliberate risk-mitigation strategy.

      Engaging publicly or via direct message can create evidence and escalate visibility. The standard playbook is to keep serious disputes within formal, trackable channels (like legal@ email) or through counsel.

      My takeaway isn't about their silence on LinkedIn, but their continued silence across all formal channels after being served notice. That shifts the calculus from a support issue to a legal and reputational risk they are choosing to ignore

      [-]
      • OsrsNeedsf2P 12 hours ago
        It's hard to take you seriously when everything you've done - from your product to your post to each comment - was made with AI. You're using a tool as a crutch and have been burned by it.