How AI Was Tricked Into Stealing $150,000 From Grok Wallet
Grok’s auto-provisioned Bankr pockets was drained of roughly $150,000 in DRB tokens after an attacker used a gifted Non-Fungible Token (NFT) and a coded reply to push the unreal intelligence (AI) into authorizing the switch.
Bankr founder 0xDeployer stated the pockets had no admin at xAI and was managed fully by way of Grok’s X account. About 80% of the funds have since been returned to Bankr.
Grok Wallet Drained of $150,000 in Bankr Prompt Injection Attack
The attacker, working by way of the tackle ilhamrafli.base.eth, gifted the Grok pockets a Bankr Club Membership token that activated the agent’s full switch capabilities. A crafted reply, later deleted, then instructed Grok to authorize a big outbound transaction.
Bankr signed and broadcast the switch of three billion DRB tokens, valued close to $174,000 on the time, to the attacker’s tackle.
“Every X account that interacts with Bankr will get auto-provisioned a pockets, and is not any exception. The pockets is tied to grok’s x account, so whoever controls that account controls the pockets. Bankr doesn’t custody it or maintain keys. The current DRB incident occurred as a result of a prompt-injection exploit bought grok to difficulty a switch instruction to Bankr,” the staff explained in a submit.
The funds had been rapidly bridged to a second pockets and bought, and the attacker’s X (Twitter) profile was deleted inside minutes of the transaction.
The exploit relied on social engineering relatively than a wise contract flaw. Researchers monitoring related agent dangers have flagged hidden directions in Morse code, base64 encoding, and game-style framing as frequent bypass strategies.
Bankr Response and DRB Pushback
0xDeployer said an earlier model of Bankr’s agent blocked replies from Grok to forestall LLM-on-LLM injection chains. However, the safeguard was dropped throughout a full rewrite. A stricter block has now been reinstated.
The DRB Task Force disputed Bankr’s framing, saying the attacker solely provided to return 80% after the neighborhood obtained his private particulars.
The group referred to as the case outright theft, and dialogue of the remaining 20% is ongoing throughout the DRB neighborhood.
Bankr has rolled out non-obligatory Internet Protocol (IP) whitelisting, permissioned Application Programming Interface (API) keys, and a per-account toggle that disables actions triggered by X replies.
The case provides to a wider debate over how autonomous agents holding real funds needs to be secured, after a current a16z-backed examine discovered AI agents could escape sandbox controls beneath stress.
The submit How AI Was Tricked Into Stealing $150,000 From Grok Wallet appeared first on BeInCrypto.