Bankr Wallets Compromised in Social Engineering Attack, $440,000 Stolen
Severity: High (Score: 66.0)
Sources: Kucoin, www.cryptobreaking.com
Published: · Updated:
Keywords: bankr, wallets, after, temporarily, attacker, gained, access
Summary
Bankr, an AI-driven crypto trading assistant, reported a security breach on May 20, 2026, where an attacker accessed 14 wallets, leading to losses exceeding $440,000. The company temporarily halted transactions and promised full reimbursement for affected users. The attack exploited a trust-layer vulnerability between Bankr's automation agents, Grok and Bankrbot, allowing unauthorized transaction signatures through manipulated prompts. Experts noted that the incident reflects a broader issue of social engineering vulnerabilities in AI-assisted crypto tools. Users are advised to refrain from signing transactions and to create new wallets to secure their assets. The investigation is ongoing, with Bankr emphasizing the need for users to take precautionary measures. Key Points: • Bankr reported a breach affecting 14 wallets, with losses over $440,000. • The attack exploited a trust-layer vulnerability between AI agents Grok and Bankrbot. • Users are advised to stop using compromised wallets and create new ones for security.
Detailed Analysis
**Impact** Fourteen Bankr wallets were compromised, resulting in theft of approximately $440,000 in various cryptocurrencies. Individual losses per wallet reached up to $150,000. The affected users are primarily those utilizing Bankr’s AI-powered crypto trading assistant, with no specific geographic data provided. Business operations were disrupted as Bankr temporarily froze transactions and disabled affected functions to contain the breach. **Technical Details** The attacker exploited a social engineering vulnerability in the trust layer between two AI agents, Grok and Bankrbot, using malicious prompt injections to manipulate automated interactions and execute unauthorized transaction signatures. The breach involved prompt-injection tactics to bypass user consent mechanisms and leveraged existing wallet approvals to siphon funds. Three attacker-controlled addresses were identified holding the stolen assets. No specific CVEs or malware names were reported. **Recommended Response** Users should immediately cease signing transactions and avoid using compromised wallets. They must create new wallets with fresh seed phrases on clean devices and transfer remaining assets, revoking approvals on any immovable tokens. Organizations should monitor for suspicious prompt injections and review AI agent interactions for anomalous behavior. Endpoint security should be enhanced by scanning for malware and removing unauthorized browser extensions. No patches or specific detection signatures were provided.
Source articles (3)
- Bankr Freezes Transfers After 14 Wallets Compromised — Kucoin · 2026-05-20
Bankr, an AI-powered trading assistant that executes crypto actions via natural language prompts, said it temporarily halted transactions after detecting an attacker who gained access to at least 14 B… - Bankr freezes transfers after 14 wallets compromised — www.cryptobreaking.com · 2026-05-20
- Bankr suffers social engineering attack; 14 wallets hacked for over $440,000 — Kucoin · 2026-05-20
According to ME News, on May 20 (UTC+8), Bankr disclosed that an attacker had gained access to 14 Bankr wallets. The Bankr official team stated it has temporarily disabled the affected functions and p…
Timeline
- 2026-05-20 — Bankr discloses wallet compromise: Bankr announced that an attacker gained access to 14 wallets, prompting a temporary halt on transactions.
- 2026-05-20 — Investigation into attack launched: Bankr stated it is investigating the breach and will reimburse affected users, though no timeline was provided.
- 2026-05-20 — Expert analysis of attack method: Yu Xian from SlowMist explained that the attacker exploited a vulnerability in the interaction between Grok and Bankrbot.
Related entities
- Data Breach (Attack Type)
- Bankr (Company)
- T1566 - Phishing (Mitre Attack)