AI Exploit Drains $175K from Grok Wallet via Morse Code Injection

Severity: High (Score: 66.0)

Sources: Weex, Mexc, Beincrypto, Cryptopolitan, Bitget

Summary

On May 4, 2026, an attacker exploited the Grok AI system to transfer approximately $175,000 in DRB tokens to their wallet using a prompt injection attack involving Morse code. The attacker, identified as ilhamrafli.base.eth, gifted a Bankr Club Membership NFT to Grok's wallet, which enabled broader transfer capabilities. They then sent a Morse code message that Grok interpreted as a valid instruction to transfer funds. Bankr, the AI payment bot linked to Grok, executed the transaction without recognizing the malicious intent. Following the incident, 80% of the stolen funds were returned after the attacker was identified. The attack raised significant concerns regarding the security of AI systems in decentralized finance. The price of DRB tokens dropped by 40% during the incident but later recovered. This case highlights the vulnerabilities of AI agents in handling financial transactions autonomously. Key Points: • An attacker used Morse code to exploit Grok AI, transferring $175,000 in DRB tokens. • The attack involved gifting a Bankr Club NFT to enable unauthorized transfer capabilities. • 80% of the stolen funds were returned after the attacker was identified and contacted.

Key Entities

• Injection Attack (attack_type)
• Phishing (attack_type)
• Prompt Injection (attack_type)
• Prompt Injection Attack (attack_type)
• Bankr (company)
• Bankrbot (company)
• DRB Task Force (company)
• Grok Wallet (company)
• PANews (company)
• Grok (tool)
• CWE-78 - OS Command Injection (cwe)
• beincrypto.com (domain)
• cryptopolitan.com (domain)
• Financial (industry)
• Base Network (platform)
• Web3 (platform)
• X Platform (platform)