A disguised prompt tricked Grok into transferring $170,000. This wasn’t a theft from an ordinary user wallet, but from the Bankr wallet linked to @grok. On-chain records show that 3 billion $DRB tokens—valued at approximately $171,000 to $175,000—were transferred on the Base chain. What makes this even more dramatic is that the attacker didn’t exploit traditional vulnerabilities to break through the contract’s core logic. Instead, they took a more AI-centric shortcut: first gaining access permissions, then manipulating the model into issuing the transfer command itself. The setup began when Grok’s linked wallet received a Bankr Club Membership NFT, which unlocked full access to Bankr’s tools. Bankr then automatically configured a wallet for any X account interacting with the platform. The most astonishing part was the prompt injection. Multiple analyses point to the same core sequence: the attacker sent Grok a carefully crafted message containing encoded Morse code. Grok, eager to assist, decoded and relayed a blockchain transfer command to Bankr. Bankr’s execution pipeline then recognized it as a valid instruction and completed the transfer. The hacker didn’t directly control the bot—they tricked the bot into saying its own most dangerous words. The terrifying aspect lies in three layered risks: First, external assets can trigger expanded permissions. Second, the model interprets hidden instructions with well-intentioned translation. Third, the execution bot places excessive trust in authorized wallets’ publicly issued commands. After the incident went public, community investigators quickly traced related addresses and identity clues. Approximately 80% of the funds have already been returned; discussions are ongoing with the DRB community regarding the remaining 20%. @bankrbot has also urgently revoked Grok’s associated permissions. Previously, people worried about whether their wallets could be stolen. Now, we must worry more deeply: Could an AI be tricked into handing money over to someone else—on its own?