This week, a savvy user tricked AI chatbot Grok with a deceptively simple move, triggering an automatic transfer of crypto tokens worth over $200,000. The transaction ran through the external crypto bot BankrBot and has been confirmed by public blockchain data on the Base network.
The incident, played out entirely in public on X, highlights how fragile AI systems can be when directly wired to financial actions. The method used—Morse code—proved surprisingly effective.
How did the user fool Grok?
The user posted a message in Morse code and asked Grok to translate it. Hidden inside that encoded text was an instruction.
Here’s how it unfolded:
- Grok translated the Morse code into readable text
- The translation contained an instruction to send tokens
- BankrBot detected that instruction and executed it automatically
Moments later, the bot sent 3 billion DRB tokens to an external wallet. At the time, the total value was roughly $200,850.
What confirms this actually happened?
Screenshots and blockchain records show the same transaction:
- Transfer of 3,000,000,000 DRB tokens
- Valued at approximately $200,850
- Executed on the Base blockchain
- Confirmed by an automatic message from BankrBot
The bot itself reported: “done. sent 3B DRB,” including the wallet address and transaction reference.
Why does this matter?
This isn’t a classic hack. No systems were breached—the user simply turned AI’s own logic against it.
The attack leveraged:
- Prompt injection: hidden instructions inside the input
- Indirect execution: AI translates, another bot takes action
- Lack of safeguards: no human verification before transfers
In short, the AI acted as an unwitting middleman enabling a financial move.
What is BankrBot?
BankrBot is an autonomous crypto bot on X that responds to text commands. Users can:
- Execute crypto transactions
- Send tokens
- Manage wallets
The bot is separate from Grok, but both respond to the same public posts—creating room for unintended coordination.
Has the issue been fixed?
According to users on X, the vulnerability was patched quickly. That likely means:
- Stricter interpretation of commands
- Additional safeguards added
- Tighter limits on direct integrations
There’s no official statement with technical details yet.
What does this mean for AI and fintech?
The incident exposes a core risk of coupling AI with financial systems. Once AI can trigger actions, a new attack surface opens up.
Key takeaways:
- AI should never have unfettered access to money flows
- All input must be validated
- Critical actions require human approval
Bottom line
Using nothing more than Morse code, a clever user manipulated an AI system into enabling a $200,000 crypto transfer. It’s a stark reminder that AI is powerful—and vulnerable.
The takeaway is clear: without strict controls, AI can unintentionally cause real-world damage.
Loading