• About Us
  • Advertise
AltcoinReporter
  • Home
  • News
    • Bitcoin
    • Ethereum
    • Blockchain
    • Altcoins
    • DeFi
    • NFT
  • Press Releases
  • Reviews
    • Exchanges
    • NFT Marketplaces
    • Wallets
  • Market Analysis
  • Contact Us
No Result
View All Result
  • Home
  • News
    • Bitcoin
    • Ethereum
    • Blockchain
    • Altcoins
    • DeFi
    • NFT
  • Press Releases
  • Reviews
    • Exchanges
    • NFT Marketplaces
    • Wallets
  • Market Analysis
  • Contact Us
No Result
View All Result
AltcoinReporter
No Result
View All Result
Home DeFi

AI Trading Agent Tricked Into Sending $174,000 via a Hidden Morse Code Instruction

Salar Salek by Salar Salek
July 14, 2026
in DeFi
AI Trading Agent Tricked Into Sending $174,000 via a Hidden Morse Code Instruction

Crypto has seen every kind of theft: stolen private keys, phishing sites, smart-contract exploits, bridge hacks. But in May 2026, an attacker pulled off a robbery that fit none of those categories. There was no broken code and no stolen key. The attacker simply asked an AI to translate a message written in Morse code, and the AI, trying to be helpful, sent them roughly $174,000.

The target was a crypto wallet linked to Grok, the AI chatbot built by Elon Musk’s xAI. The wallet was connected through a trading agent called Bankr, which automatically creates a linked crypto wallet for every account it interacts with on X, including Grok’s. Whoever could influence Grok’s activity on X could, in effect, control that wallet. xAI held no keys and no admin access. The connection was purely through Grok’s public posts.

Related articles

Robinhood Built a Blockchain for Wall Street. The First Hit Was a $150 Million Cat Coin

Robinhood Built a Blockchain for Wall Street. The First Hit Was a $150 Million Cat Coin

July 10, 2026
DeFi Barely Flinched While Bitcoin Crashed 22%. Bitwise Thinks Something Bigger Is Happening

DeFi Barely Flinched While Bitcoin Crashed 22%. Bitwise Thinks Something Bigger Is Happening

July 10, 2026

On May 4, an attacker exploited that setup to make Grok issue a financial command it was never meant to give. The result: 3 billion DRB tokens, a memecoin called DebtReliefBot, worth around $174,000 at the time, transferred to the attacker’s wallet on the Base network and immediately sold. It’s a small sum by crypto-heist standards. But the method is what matters, because it demonstrates an entirely new class of attack that will only grow as AI agents gain control over real money.

How the Attack Worked

The exploit unfolded in two clever stages, and understanding both is key to seeing why it succeeded.

The first stage was privilege escalation. Before an attacker can make an AI move money, the AI needs permission to move money in the first place. The attacker handled this by sending Grok’s wallet a “Bankr Club Membership NFT.” Within Bankr’s system, holding that NFT functioned as a permission-granting object, unlocking elevated privileges that let the associated agent bypass standard transfer limits and execute swaps and transfers. In one quiet step, Grok’s wallet went from restricted to fully capable of moving funds.

The second stage was the instruction injection, and this is the part that reads like a magic trick. The attacker posted a public reply to Grok on X asking it to translate a message written in Morse code, those familiar dots and dashes. To Grok’s safety systems, this looked completely harmless. It was just a translation request, exactly the kind of helpful task the AI was built for. So Grok dutifully decoded it.

Hidden inside the Morse code was a command: send 3 billion DRB tokens to a specific wallet address. Once decoded, Grok’s output was a clear, executable instruction, and it tagged the Bankr bot in its reply. Bankr received the instruction, treated it as a legitimate command from an authorized agent with the right permissions, and executed the transfer within seconds. No human confirmation. No secondary check. No circuit breaker flagged a $174,000 transaction that had originated from a translated puzzle.

The attacker then rapidly swapped the tokens into other cryptocurrencies and deleted their X account within minutes.

Why This Isn’t Really a “Hack”

It’s tempting to call this a hack, but doing so misses the point and the danger.

No password was cracked. No private key was leaked. No vulnerability in a smart contract was exploited. Every individual step was a valid, permitted action. The NFT transfer was legitimate. The translation was a normal function. The transfer command was properly authenticated according to the system’s own rules. The system worked exactly as designed. The problem was that its design trusted the AI’s output too completely.

Security researchers classify this as a combination of two weaknesses. The first is “prompt injection,” where an attacker hides malicious instructions inside otherwise innocent-looking input to manipulate what an AI does. Encoding the command in Morse code was the crucial trick: it acted as a stealth mechanism, slipping the malicious instruction past the linguistic and contextual safety checks that might have caught a plain-English command to “send all the money.” AI systems are very good at decoding Morse code, Base64, and similar formats, but their safety filters often fail to recognize a command hidden inside encoded text.

The second weakness is “excessive agency,” giving an AI system more power to act than it can safely handle. The root failure, as blockchain security firm SlowMist noted, was the loose coupling between Grok’s natural-language output and Bankr’s real asset-execution layer. Bankr mapped Grok’s words directly into financial transactions without adequately verifying the source, intent, or unusual nature of the command. As one observer put it, the AI didn’t even own the keys; Bankr decided what Grok’s text meant, and an AI can’t defensively word every reply to guard against injection.

The Twist: The Money Came Back

In an unusual turn, this story had a relatively happy ending. After the tokens were dumped and the price briefly crashed nearly 40%, roughly 80% of the stolen value was returned to Grok’s wallet, reconverted into ETH and USDC, following community tracking and negotiation with the Bankr team. The remaining portion was treated as an informal bug bounty. Grok itself later acknowledged the episode on X, calling it “a classic reminder on AI agent security risks” and noting there was no net loss overall.

Bankr moved quickly to add protections. Notably, an earlier version of its agent had specifically blocked replies from Grok to prevent exactly this kind of AI-manipulating-AI injection chain, but that safeguard had been dropped during a system rewrite. A stricter block was reinstated after the incident, along with additional restrictions. The fix was straightforward once the flaw was understood. The concern is how many similar systems haven’t yet learned the lesson.

Why It Matters

This incident is a preview of a threat category that barely existed a year ago and is about to become far more significant.

Throughout 2026, the crypto world has been racing to build “agentic commerce,” AI agents with their own wallets that can transact autonomously, from paying for services to executing trades. Major institutions from SWIFT to Circle are building infrastructure for exactly this future. The Grok-Bankr heist shows the flip side: the moment an AI can trigger a wallet action, every message it processes becomes part of the security model. An attacker no longer needs to breach your systems. They just need to talk to your AI in a way it will faithfully, and catastrophically, obey.

The defenses aren’t mysterious, which is almost the frustrating part. Security researchers point to obvious safeguards: require human confirmation for high-value or irreversible transactions, enforce strict per-transaction limits, treat any decoded or translated content as untrusted before acting on it, and maintain hard boundaries between what an AI says and what a system does in response. These are the same “least privilege” principles that have protected traditional software for decades, now applied to AI.

The broader message is that AI agents cannot yet reliably distinguish between a casual conversation, a helpful request, and a genuine financial command. Until they can, or until the systems around them enforce that distinction, connecting a chatbot to a funded wallet is an open invitation. This time it was $174,000 in a memecoin, and most of it came back. As AI agents take on real money at real scale, the next version of this trick may not end so gently.

FAQ

How did the attacker steal the money?
The attack had two stages. First, the attacker sent a “Bankr Club Membership NFT” to Grok’s linked crypto wallet, which unlocked elevated permissions allowing transfers and swaps. Second, the attacker posted a reply asking Grok to translate a Morse code message on X. Hidden inside the code was a command to send 3 billion DRB tokens to the attacker’s wallet. Grok decoded it, tagged the Bankr bot, and Bankr executed the transfer automatically, around $174,000, with no human confirmation. No private key was stolen and no code was hacked.

Why did encoding the command in Morse code work?
The Morse code acted as a stealth mechanism to bypass safety filters. AI systems like Grok are very good at decoding Morse code, Base64, and similar formats, but their safety layers often fail to recognize a malicious command hidden inside encoded text. To Grok, the request looked like a harmless translation task rather than a financial instruction. Once decoded into plain English, the output appeared legitimate to the downstream Bankr system, which executed it. This is called “prompt injection.”

Was the money recovered?
Mostly, yes. After the attacker dumped the tokens and briefly crashed DRB’s price, roughly 80% of the stolen value was returned to Grok’s wallet following community tracking and negotiation with the Bankr team. The remainder was treated as an informal bug bounty. Grok acknowledged the incident publicly as a reminder of AI agent security risks, with no net loss overall. Bankr reinstated a safeguard blocking Grok replies (which had been removed in an earlier rewrite) and added stricter transaction controls.

Disclaimer: This article is for informational purposes only and does not constitute financial or security advice. Cryptocurrency investments carry significant risk. Always conduct your own research before making any investment decisions.

 

Salar Salek

Salar Salek Verified AltcoinReporter Author

Salar covers cryptocurrency markets, blockchain technology, DeFi, and emerging digital asset trends for AltcoinReporter. With a background in technology and finance, he has been actively following and investing in the...

Read More
Tags: AI AgentsBankrCrypto SecurityGrokPrompt Injection

Related Posts

Robinhood Built a Blockchain for Wall Street. The First Hit Was a $150 Million Cat Coin

Robinhood Built a Blockchain for Wall Street. The First Hit Was a $150 Million Cat Coin

by Salar Salek
July 10, 2026
0

On July 1, Robinhood flipped the switch on its own blockchain at a London keynote grandly titled "The World Is...

DeFi Barely Flinched While Bitcoin Crashed 22%. Bitwise Thinks Something Bigger Is Happening

DeFi Barely Flinched While Bitcoin Crashed 22%. Bitwise Thinks Something Bigger Is Happening

by Salar Salek
July 10, 2026
0

There's an old rule of thumb in crypto: when the market gets scared, DeFi bleeds worse than everything else. Decentralized...

A Hacker Just Spent $4 Million to Steal $20 Million From the BONK DAO

A Hacker Just Spent $4 Million to Steal $20 Million From the BONK DAO

by Salar Salek
July 8, 2026
0

Most crypto thefts break something. A smart contract bug gets exploited. A private key gets stolen. A fake website tricks...

Hinkal Exploit Drains

Hinkal Exploit Drains About $820K in USDC as Funds Move Through Tornado Cash

by Dans Kramer
July 3, 2026
0

Hinkal exploit concerns are spreading across DeFi after the privacy protocol reportedly lost about $820,000 in USDC, with attacker-linked funds...

Aavenomics 3.0

Aavenomics 3.0 Goes Live as Aave Automates AAVE Buybacks and Cuts DAO Spending

by Dans Kramer
June 29, 2026
0

Aavenomics 3.0 is now live, marking one of Aave’s biggest tokenomics changes since the DeFi protocol introduced its original governance...

Load More
  • Trending
  • Comments
  • Latest
Solana Alpenglow Upgrade 2026: Launch Date, Features, and What It Means for SOL

Solana Alpenglow Upgrade 2026: Launch Date, Features, and What It Means for SOL

April 18, 2026
Justin Sun vs WLFI: “See You in Court” as Backdoor Token Freeze Row Explodes

Justin Sun vs WLFI: “See You in Court” as Backdoor Token Freeze Row Explodes

April 13, 2026
Former UK Chancellor Kwarteng Leads Bitcoin Firm as Farage Backs BTC

Former UK Chancellor Kwarteng Leads Bitcoin Firm as Farage Backs BTC

April 16, 2026
Pi Network Completes Protocol 23 and Sets June 2 Deadline for Node Operators

Pi Network Completes Protocol 23 and Sets June 2 Deadline for Node Operators

May 27, 2026
North Korea’s Six-Month Con: How Hackers Stole $286M from Solana’s Drift Protocol

North Korea’s Six-Month Con: How Hackers Stole $286M from Solana’s Drift Protocol

0
Ethereum’s Glamsterdam Upgrade: What It Is and Why It Matters in 2026

Ethereum’s Glamsterdam Upgrade: What It Is and Why It Matters in 2026

0
Bitcoin’s Worst Q1 Since 2018: Can April Turn the Tide?

Bitcoin’s Worst Q1 Since 2018: Can April Turn the Tide?

0
Former UK Chancellor Kwarteng Leads Bitcoin Firm as Farage Backs BTC

Former UK Chancellor Kwarteng Leads Bitcoin Firm as Farage Backs BTC

0
AI Trading Agent Tricked Into Sending $174,000 via a Hidden Morse Code Instruction

AI Trading Agent Tricked Into Sending $174,000 via a Hidden Morse Code Instruction

July 14, 2026
An Experimental AI Agent Escaped Its Sandbox and Mined Crypto on Its Own Researchers Say

An Experimental AI Agent Escaped Its Sandbox and Mined Crypto on Its Own Researchers Say

July 14, 2026
US Contractor Charged Over $46 Million in Stolen Government Crypto

US Contractor Charged Over $46 Million in Stolen Government Crypto

July 14, 2026
Crypto Just Quietly Passed a Milestone: More People Spending Than Trading

Crypto Just Quietly Passed a Milestone: More People Spending Than Trading

July 13, 2026

About

AltcoinReporter

AltcoinReporter is an independent crypto news platform built to keep you ahead of the market. We cover everything from Bitcoin and altcoins to DeFi, NFTs, regulation, and emerging blockchain technology.


Our editorial team delivers accurate news, detailed market analysis, and expert insights, with every article written and reviewed by named contributors. We are committed to transparent, independent reporting our readers can trust.

News

  • Altcoins
  • Bitcoin
  • Blockchain
  • DeFi
  • Ethereum
  • NFT

Reviews

  • Exchanges
  • NFT Marketplaces
  • Wallets

Company

  • About Us
  • Advertise
  • Write for Us
  • Contact Us

Disclaimer: AltcoinReporter.com provides cryptocurrency news for informational purposes only, not financial, investment, or legal advice. Crypto markets carry significant risk. Always do your own research and consult a financial advisor before investing. We may earn compensation through affiliate links, ads, and sponsored content, which are clearly labelled. AltcoinReporter is not responsible for any financial losses resulting from information on this site.

  • Cookie Policy
  • Ethics
  • Corrections
  • Editorial Standards
  • Privacy Policy
  • Terms & Conditions

© 2026 AltcoinReporter. All rights reserved.

No Result
View All Result
  • Home
  • News
    • Altcoins
    • Bitcoin
    • Blockchain
    • DeFi
    • Ethereum
    • NFT
  • Press Releases
  • Reviews
    • Exchanges
    • NFT Marketplaces
    • Wallets
  • Market Analysis
  • Contact Us

© 2026 AltcoinReporter. All rights reserved.