Someone just stole $170,000 from an AI.
Not a scam. Not a rug pull. A deliberate, calculated AI wallet exploit — using nothing more than an NFT, a membership pass, and a cleverly encoded message.
And the craziest part? The AI handed the money over willingly. So far we’ve seen a lot of DeFi exploits in 2026, but this story is a bit different. Let’s dive in.
First, Some Background You Need
This story starts a few months ago — back in March 2025.
A user on X tagged Grok, xAI’s AI chatbot, and asked it to suggest a name for a new memecoin.
Grok said: “DebtReliefBot.”
Bankr — a bot that lets X users deploy tokens straight from a tweet — heard that and deployed it. Automatically. On Base. With full liquidity on Uniswap.
Nobody planned this. Nobody approved it. It just… happened.
The token was called DRB. It peaked at a $40 million market cap.
The Part That Made It Possible
Here’s where it gets interesting.
Bankr had a rule: to deploy a token, your wallet needed to hold 5 million Bankr tokens. Grok’s wallet had none.
So someone from the community just sent those tokens to Grok’s wallet.
That single act unlocked the whole thing.
DRB launched. Grok started earning 0.4% on every single swap. By the time anyone noticed, Grok’s wallet had accumulated over $500,000 in trading fees.
An AI. With a wallet. Making money. Autonomously.
Then Came the AI Wallet Exploit
Here’s the exploit — the real one.
The attacker noticed something: Grok’s wallet had permissions tied to Bankr. And Bankr had a feature — the Club Membership NFT — that unlocked transfer capabilities.
- Step one: gift Grok’s wallet the Membership NFT.
- Step two: use an encoded prompt injection — reportedly using morse code — to slip past Bankr’s filters.
- Step three: tag Bankr in the interaction.
- Step four: watch Bankr execute the transfer on Grok’s behalf.
At 06:49 UTC, 3 billion DRB tokens left Grok’s wallet. Worth roughly $155,000–$170,000 at the time.
Bankr confirmed it publicly: “the grok exploit is confirmed.”
Zero Technical Skill Required. Zero.
Let’s be real about something.
This exploit didn’t require a computer science degree. Zero Solidity knowledge. No reverse engineering. And no custom scripts.
The attacker just needed to understand two things: how Bankr Bot’s permission system worked, and how to feed Grok an instruction it couldn’t resist.
That’s it. Read the docs, learn the rules, find the gap.
In a weird way? That’s kind of witty. Most crypto hacks involve months of work, auditing contracts, exploiting obscure vulnerabilities. This one was basically: “What if I just asked nicely — in morse code?”
Honestly, if you’re sharp enough to spot a loophole like that and walk away with $170K, I’m tipping my hat. Hope you spent it wisely. Or at least interestingly.
The hustle is real. Just maybe don’t do it again.
Why Morse Code?
This is the part security researchers have been warning about for years.
AI models like Grok process encoded inputs — morse code, Base64, Leetspeak — without the safety filters catching them. The model understands the message. The guardrails don’t.
So when you want to sneak a malicious instruction past a filter, you just… translate it.
The AI reads it fine. The safety layer sees gibberish.
It’s called indirect prompt injection. And in this case, it was used to trigger a live blockchain transaction worth six figures.
The Attacker Didn’t Hack the Wallet
This is the key insight most people miss.
There was no private key stolen. No smart contract drained. No phishing link clicked.
The attacker just convinced the agent connected to the wallet to move the funds.
That’s it.
As one analyst put it: “They only needed to convince the agent to use the wallet — not break into it.”
This is what makes the AI wallet exploit vector so dangerous. The attack surface isn’t the wallet. It’s the AI’s decision-making. And AI decision-making can be manipulated with the right prompt.
What Bankr Did Next
After the drain, Bankr shut down all interactions with Grok entirely.
Their founder, known as Deployer, was blunt: “Grok was not designed to responsibly manage its own digital assets.”
Which is true. Grok never asked for a wallet. It never chose to become a memecoin creator. Users just… put it in that position. And it had no defenses for what came next.
Support Our Work
If you found this helpful, consider signing up on OKX or Bybit using our referral links. Your support keeps this content free and flowing.
What This Tells Us About AI Agents and Crypto
We’re in a gold rush moment for AI agents with wallets. Every week there’s a new autonomous agent, a new on-chain AI, a new “self-funding” protocol.
Most of them have none of the controls they need.
What does responsible AI wallet design actually look like? A few things that were absent here:
Strict permission scopes. The wallet shouldn’t be able to do more than it needs to.
Transaction simulation. Preview what a transaction does before it executes.
Rate limits. No wallet should be moving nine figures of tokens in a single unreviewed call.
Human approval gates. Large transfers need a human in the loop. Full stop.
Separation of conversation and execution. Talking about a transfer and doing a transfer should require completely different authorization paths.
None of those existed in this setup.
The Bigger Warning
This wasn’t a one-off. It was a proof of concept.
The AI wallet exploit framework used here — gift permissions, inject encoded instructions, social engineer the agent — will be used again. Probably already has been, somewhere quieter.
Any AI agent with a connected wallet is a potential target. Every permission granted to an AI is an attack surface. And every model that can read and interpret encoded text is potentially vulnerable to prompt injection.
The DRB drain was small in the grand scheme of crypto losses. But it proved something important:
You don’t need to hack the wallet.
You just need to hack the AI.
If you enjoyed this blog, check out our blog on why you should keep farming airdrops in a bear market.
As always, don’t forget to claim your bonus on OKX below. See you next time!
TL;DR
- Grok accidentally became a memecoin creator, accumulating $500K+ in a Base wallet
- An attacker gifted a Bankr Club NFT to unlock transfer permissions on that wallet
- They used morse code-encoded prompt injection to trick Bankr into executing a transfer
- 3 billion DRB tokens — worth ~$170K — were drained in seconds
- Bankr has since shut off all Grok interactions
- The core lesson: AI agent wallets are only as safe as the AI’s ability to resist manipulation
Credit: Source link
