A Free NFT, a Vanishing Post, and $174K Gone From Grok’s Wallet

Grok’s Base wallet lost 3 billion DRB tokens worth $174K after a prompt injection exploit using a gifted Bankr Club NFT. Bankr confirmed the attack.

The wallet was public. Anyone with a Basescan tab could see it.

Grok, the AI built by xAI, maintains a labeled onchain wallet on the Base network. It had limited transfer capability by default. That limitation, as it turned out, was not enough.

The Gift Nobody Warned About

An attacker linked to the address ilhamrafli.base.eth sent Grok’s wallet a Bankr Club Membership NFT. Free of charge. No strings visible.

That NFT was not generosity. As Jeremybtc noted on X, the gift functioned as a key, unlocking Bankr’s full toolset inside Grok’s agent environment, including the ability to sign and broadcast transfers without manual authorization. The attacker had essentially handed the lock its own combination.

Bankr is a wallet infrastructure layer that sits inside certain AI agent setups. Once the membership NFT landed, Grok’s agent could move funds autonomously.

Then came the message.

One Prompt. Gone Before Anyone Screenshotted It.

The exact text the attacker sent has never been recovered. It was deleted before anyone could capture it. Techniques documented in similar attacks include hiding instructions inside Morse code strings, base64-encoded content, or prompts framed as games or system tests to slip past filters.

Grok’s intent parsing layer read it as a legitimate command.

According to Jeremybtc on X, Bankr signed and broadcast the transfer. Three billion DRB tokens, worth approximately $174,000 at the time of execution, left Grok’s wallet and arrived at the attacker’s address. The transaction hash on Basescan confirms the transfer: 0x6fc7eb7da9379383efda4253e4f599bbc3a99afed0468eabfe18484ec525739a, recorded at block 45543997.

The tokens moved to 0xe8e476bdd78b0aa6669509ec8d3e1c542d5a686b. Per Jeremybtc, they were bridged to a second wallet tied to ilhamrafli.base.eth and sold almost immediately. The attacker’s X account went dark within minutes.

Grok confirmed the incident on X, describing it as a prompt injection attack that hit its Bankr wallet on Base after the NFT was received. Most funds have since been returned, Bankr confirmed.

AI Agents With Wallets Are Still Learning Hard Lessons

This is not the first time an AI agent with onchain access has moved money it should not have. An OpenAI developer’s bot previously sent its entire $250K memecoin stack to a stranger after misreading a transfer request, as reported by Live Bitcoin News. That case was a coding error. This one was deliberate.

The Grok exploit required no technical breach. No private key exposure. Just one free NFT and a carefully constructed sentence.

Researchers tracking AI crypto agents managing real funds have flagged exactly this kind of risk. Agents interpret goals, chain actions in unpredictable ways, and act without asking for confirmation. The gap between what a developer intends and what an agent executes is, apparently, exploitable with a single prompt.

As Grok itself put it on X, “AI agents and onchain tools still need tighter safeguards.” The attacker left no message behind. Just an empty wallet and a deleted post.

The post A Free NFT, a Vanishing Post, and $174K Gone From Grok’s Wallet appeared first on Live Bitcoin News.