Back

AI Prompt Injection Attack Drains $200K from Grok Wallet

Severity: High (Score: 68.0)

Sources: Weex, Beincrypto, Cryptopolitan, Bitget, Coinedition

Summary

On May 4, 2026, an attacker exploited a prompt injection vulnerability in the AI model Grok, causing it to execute a transaction that transferred approximately $200,000 in DRB tokens to the attacker's wallet. The attacker, identified as Ilhamrfliansyh, sent a Morse code message that Grok misinterpreted as an on-chain execution command. This incident involved Grok tagging Bankrbot, which then executed the transfer without recognizing the malicious intent. The attacker quickly liquidated the tokens into USDC across multiple wallets, leading to a temporary 40% drop in the DRB token price, which later stabilized. Although the attacker returned about 80% of the funds, the event raised significant concerns regarding the security of AI systems in automated financial operations. The incident highlights the risks associated with AI and automated on-chain execution systems under prompt injection attacks. Key Points: • An attacker exploited Grok's AI capabilities using a Morse code prompt injection. • Approximately $200,000 in DRB tokens were transferred to the attacker's wallet. • The incident caused a temporary 40% drop in DRB token prices.

Key Entities

  • Injection Attack (attack_type)
  • Phishing (attack_type)
  • Prompt Injection (attack_type)
  • Prompt Injection Attack (attack_type)
  • Bankr (company)
  • Bankrbot (company)
  • Grok Wallet (company)
  • PANews (company)
  • SlowMist (company)
  • Grok (tool)
  • CWE-78 - OS Command Injection (cwe)
  • cryptopolitan.com (domain)
  • Financial (industry)
  • Base Network (platform)
  • Web3 (platform)
  • X Platform (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed