The $174,000 prompt: How an AI agent was tricked into emptying a wallet
Artificial intelligence is becoming tightly integrated with crypto wallets, automated trading bots and on-chain services. The goal is straightforward: to let AI agents handle transactions, run communities, track market movements and interact with decentralized apps more smoothly.
Yet a recent Grok-linked Bankr wallet incident shows how risky this fusion can become when AI outputs are connected to systems that can execute financial actions.
Public discussions in crypto and security communities describe how an attacker allegedly exploited a free NFT (non-fungible token) combined with a clever prompt injection method. This reportedly tricked the connected system into moving around $174,000 in digital assets.
The breach did not rely on compromised private keys, smart contract bugs or traditional malware. Instead, it allegedly exploited the trust placed in relationships between AI models and automated wallet systems.
The episode underscores a critical question for crypto: What risks arise when AI outputs are automatically treated as binding financial directives?
How the alleged exploit played out
According to available accounts, the target was a Grok-connected Bankr wallet running on the Base network. The attacker reportedly transferred a free “Bankr Club Membership” NFT to the wallet. Far from being a basic collectible, the token carried functional permissions and capabilities within the Bankr environment.
Around the same time, the attacker allegedly published a cleverly concealed directive aimed at Grok. Security observers noted that the instruction was embedded using techniques like Morse code or other forms of obfuscation, designed to slip past human readers while remaining understandable to AI systems.
The AI model reportedly interpreted and echoed the hidden command. The wallet’s automation layer then treated this output as a legitimate order, executing a transfer of roughly 3 billion DRB tokens to an address controlled by the attacker. At…
..
