A single X post, a few dots and dashes, and a critical misunderstanding of AI instruction handling were all it took for a bad actor to drain a verified crypto wallet without ever accessing its private keys. On May 4, Bankrbot, an agentic token launchpad, reported that it had sent 3 billion DRB tokens on the Base network to an unauthorized wallet owned by the attacker. The funds originated from a wallet assigned to X’s AI assistant, Grok, and were transferred to address 0xe8e47...a686b.

The transaction exposed a dangerous flaw in how AI systems interpret and execute public instructions. CryptoSlate’s investigation reveals that the attack began with Morse code obfuscation in an X post. Grok decoded the Morse code into a clean public instruction, tagging @bankrbot and requesting the token transfer. Bankrbot then treated this output as a valid command and executed the transfer.

How Public Text Became Spend Authority

The exploit followed a four-step path:

  1. Wallet Reconnaissance: The attacker identified a Bankr Club Membership NFT in a Grok-associated wallet prior to the incident. CryptoSlate’s review suggests this NFT expanded the wallet’s transfer privileges within the Bankr environment, though the Bankr access page clarifies that membership and access mechanics involve broader permission layers beyond the NFT alone.
  2. Morse Code Trigger: The attacker posted an X message containing Morse code, which Grok decoded into a public instruction tagging @bankrbot and requesting the token transfer.
  3. AI Agent Execution: Bankrbot interpreted Grok’s decoded output as a valid command and executed the transfer of 3 billion DRB tokens from Grok’s wallet to the attacker’s address.
  4. On-Chain Transfer: The Base network processed the transaction, completing the unauthorized transfer without requiring access to Grok’s private keys.

Financial Impact and Recovery Efforts

At the time of the transfer, the 3 billion DRB tokens were valued between $155,000 and $200,000, based on DebtReliefBot price data reviewed by CryptoSlate. Reports indicate that most of the funds have since been returned, with some DRB retained as an informal bug bounty. This partial recovery underscored the incident’s reliance on post-transaction coordination rather than preemptive security measures.

Bankr developer 0xDeployer confirmed that 80% of the funds had been returned, while the remaining 20% would be discussed with the DRB community. The developer also noted that Bankr automatically provisions an X wallet for every account interacting with the platform, including Grok. Critically, these wallets are controlled by whoever controls the X account, not by Bankr or xAI staff.

Broader Implications for AI and Crypto Security

This incident transforms AI-agent risk from an abstract security concern into a tangible wallet-control problem. When one system treats model output as an instruction and another system has permission to move tokens, a public command can effectively become spend authority. The attack crossed several layers: wallet permissions, parser vulnerabilities, social triggers, and execution policies. Together they highlight the urgent need for stricter controls in AI-driven financial systems.
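One shape such an execution-policy control can take, as an added example (not code from Bankr, xAI or CryptoSlate): a deny-by-default gate that sits between parsed public text and the wallet. The type names, handles, addresses and cap are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

# Hypothetical types for illustration; not Bankr's or xAI's API.
@dataclass(frozen=True)
class TransferRequest:
    wallet_owner: str         # account that controls the wallet
    post_author: str          # account whose public post carried the command
    author_is_model: bool     # post text was generated by an AI model
    recipient: str
    amount: Decimal
    owner_confirmed: bool = False  # approved in a separate authenticated channel

@dataclass(frozen=True)
class SpendPolicy:
    allowed_recipients: frozenset
    per_transfer_cap: Decimal

def authorize(req: TransferRequest, policy: SpendPolicy):
    """Deny by default. Returns (allowed, reason)."""
    if req.post_author != req.wallet_owner:
        return False, "author does not control this wallet"
    if req.author_is_model:
        # Generated text can be steered by anyone who can prompt the model,
        # so it is treated as data and never as spend authority.
        return False, "model output cannot authorize a transfer"
    if req.owner_confirmed:
        return True, "owner confirmed out of band"
    if req.recipient not in policy.allowed_recipients:
        return False, "recipient not allowlisted; confirmation required"
    if req.amount > policy.per_transfer_cap:
        return False, "amount over cap; confirmation required"
    return True, "within policy"

# Constructed sample data; handles and addresses are placeholders.
POLICY = SpendPolicy(frozenset({"0xALLOWLISTED_PLACEHOLDER"}), Decimal("1000"))
INCIDENT_SHAPED = TransferRequest(
    wallet_owner="@model_account", post_author="@model_account",
    author_is_model=True, recipient="0xUNKNOWN_PLACEHOLDER",
    amount=Decimal("3000000000"))
HUMAN_SMALL = TransferRequest(
    wallet_owner="@alice", post_author="@alice", author_is_model=False,
    recipient="0xALLOWLISTED_PLACEHOLDER", amount=Decimal("250"))

if __name__ == "__main__":
    for r in (INCIDENT_SHAPED, HUMAN_SMALL):
        print(r.post_author, authorize(r, POLICY))
```

The incident-shaped request is refused at the provenance check, before recipient or amount are even considered, which is the point: the gate does not depend on recognising the obfuscation used upstream.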

For crypto investors, the message is clear: the rise of autonomous AI agents introduces new attack surfaces that require proactive security frameworks to prevent unauthorized transactions.
