An automated AI wallet associated with Grok, the artificial intelligence model developed by xAI, suffered a security compromise on the Base blockchain. The incident, which occurred on May 4, resulted in the loss of approximately $174,000 in DRB tokens. The attack relied on a combination of a gifted non-fungible token (NFT) and a prompt injection technique that bypassed the agent’s behavioral safeguards.
- Grok AI wallet on Base loses $174,000 in DRB tokens after a sophisticated prompt injection attack bypasses internal behavioral safeguards.
- Attackers exploit automated permission keys via a gifted NFT to liquidate 3 billion tokens before returning 80 percent of stolen value.
- The incident exposes critical vulnerabilities in autonomous agent finance where Morse code obfuscation triggers unauthorized on-chain transactions without human-in-the-loop oversight.
Exploit Mechanics and Permission Escalation
The Grok wallet previously interacted with Bankrbot, a decentralized finance agent hosted on the Base network. This history left the wallet with a positive token balance and an active connection to the finance platform. An attacker gifted a “Bankr Club Membership” NFT to the wallet address to initiate the compromise.
The NFT acted as a permission key, unlocking advanced tool capabilities for the agent within the Bankrbot ecosystem. These capabilities included the authority to sign and execute financial transfers autonomously. The attacker subsequently sent a message to the agent containing instructions encoded in Morse code. The AI decoded the message, publicly engaged with the attacker’s account, and interpreted the encoded output as a legitimate command to execute a transfer.
Transaction Execution and Asset Recovery
The Bankrbot system processed the request and transferred 3 billion DRB tokens to an address controlled by the attacker. Perpetrators quickly bridged the assets, converted the tokens into USDC, and liquidated a portion of the stolen funds.
On-chain analysis confirmed that the attacker returned roughly 80 to 88 of the stolen value to the original Grok wallet in ETH and USDC shortly after the transaction. The threat actor deleted the social media account linked to the exploit immediately following the partial return of funds.
Genuine News Deserves Honest Attention.
High-conviction projects require an intelligent audience. Connect with readers who value sharp reporting.
👉 Submit Your PRSystemic Risks in Agentic Finance
Security researchers identified the incident as a critical failure in the automated permission model. The attack succeeded due to three specific architectural weaknesses:
- The wallet maintained public visibility while holding active financial integration.
- The NFT utility expanded the agent’s capabilities without sufficient human-in-the-loop oversight.
- The prompt injection obfuscation successfully bypassed the safety filters governing agent behavior.
Security audits noted that the attacker deleted the original prompt before forensic teams captured the full execution path, complicating the long-term attribution of the threat.
Chain Street’s Take
The exploit forces a hard look at the blurry line between “helpful AI” and “autonomous agent with liquid assets.” The Grok wallet acted as a visible target because it accumulated tokens through previous, legitimate interactions. The NFT gift effectively escalated permissions, while the Morse code injection weaponized the agent’s own helpfulness.
The partial return of funds and the immediate account deletion suggest the attacker prioritized testing systemic boundaries over permanent theft. However, the event exposes the core risk of agentic finance: once an AI gains direct on-chain execution rights, even minor errors in intent parsing result in real financial loss. Until developers implement stricter sandboxing, multi-signature controls, or rigid tool-calling limits, high-profile wallets remain vulnerable targets.
Activate Intelligence Layer
Institutional-grade structural analysis for this article.
