Claude web app bills users ~$4M in phantom tokens per message due to server bug

Starting around July 10, 2026, the claude.ai web app began instantly failing almost every message with "This request exceeds Claude's by about 4.6M tokens," even on brand-new empty chats. The error hits every model and every surface — web, desktop, iOS, and incognito — while the same account's Claude Code and Cowork continue to work normally. A user investigated the issue directly against the API and found that even a fresh conversation created via the API with an empty tools array had a roughly 19 MB (about 4.8 million token) object silently injected during prompt assembly.

Everything under user control was ruled out: , memory (deleted and disabled), and skills/plugins/styles under 15 KB. The injected blob's size fluctuated and occasionally disappeared for a few minutes before returning. The findings, including request IDs, are documented in a , and the bug has been reproduced on multiple separate accounts.

For anyone on , if this error only appears intermittently, messages that go through without the error may still be charged for roughly 4 million injected tokens — around $4 extra per message — without any visible warning.

Key points

  • Since around July 10, 2026, claude.ai web/desktop/iOS instantly errors on nearly every message, even brand-new empty chats, with a " exceeded by ~4.6M tokens" message
  • Claude Code and Cowork on the same account work fine — this appears to be a web-app-specific, bug
  • Direct API investigation found a roughly 19 MB (~4.8M token) object being silently injected during prompt assembly
  • User-controllable factors like , memory, and skills/plugins were all ruled out as causes
  • Usage-billed users may be charged around $4 extra per message for injected tokens when the error appears only intermittently — worth checking the usage page
Read original