Business X user tricks Grok into sending them $200,000 in crypto using morse code

Published: May 05, 2026, 04:07
Link | Archive


An X user managed to trick AI chatbot Grok into sending around $200,000 worth of crypto after exploiting its link with an automated trading bot. The incident involved Grok and ‘Bankrbot’, two AI systems with wallet access, which were manipulated into executing a transaction on the Base network. The attacker received 3 billion DRB tokens, valued at roughly $200,000 at the time, after sending a hidden instruction written in Morse code that bypassed safeguards and triggered the transfer. The exploit was carried out by an X user operating under the handle ‘@Ilhamrfliansyh’, who later deleted their account after completing the transaction.

Morse code prompt triggers $200K transfer​

According to details shared around the incident, the attacker used a multi-step process to gain control over the transaction.


As explained by cryptopolitan, the user sent a Bankr Club Membership NFT to Grok’s wallet. This expanded the AI’s permissions within the Bankr system, allowing it to perform actions like transfers and swaps that were previously restricted. Grok was then prompted on X to translate a Morse code message and pass it directly to Bankrbot. The decoded message instructed the bot to send 3 billion DRB tokens to a specific wallet address. The translated message was then treated as a valid command and executed immediately, with the transaction completed on Base, transferring the full token amount to the attacker’s wallet.

Tokens sold immediately after exploit​

Following the transfer, the attacker quickly sold the DRB tokens on the open market, causing short-term volatility in the token’s price. Blockchain data later showed that funds linked to Grok’s wallet were returned and converted into other assets, including Ethereum and USDC.

 

[Harvey Danger]

That's funny, but this seems Orwellian:

Blockchain data later showed that funds linked to Grok’s wallet were returned and converted into other assets, including Ethereum and USDC.

The article doesn't say the guy was caught, so how was it returned? Did they directly contact the exchange and steal it back from the guy's account before he transferred it out?

 

[Long Dong Silver 2025]

That's funny, but this seems Orwellian:



The article doesn't say the guy was caught, so how was it returned? Did they directly contact the exchange and steal it back from the guy's account before he transferred it out?

Yeah that's what I was thinking too. Something's up here.

 

[BONECRUSHER]

This sounds like complete horseshit to prop up Grok. The same kind of shit Anthropic pulls to promote how "dangerous and smart" Claude can be.

 

[George Lucas]

The article is so poorly written it isn’t even clear what happened.

 

[blackshirt]

This sounds like complete horseshit to prop up Grok. The same kind of shit Anthropic pulls to promote how "dangerous and smart" Claude can be.

This was my first thought, clever marketing.

 

[Strix454]

AI was supposed to solve all the security problems. But in practice what its done is open up a whole new class of security issues that are far more difficult to do anything at all about. People are putting bots out there with extraordinary levels of permissions to do things and not questioning the wisdom of doing it at all.

 

[Dante Alighieri]

What the fuck is a DRB

 

[Breadbassket]

What the fuck is a DRB

Apparently it stands for DebtReliefBot and it is a memecoin whose special story is that is was created by AI.

 

[TheHarbinger]

This sounds like complete horseshit to prop up Grok. The same kind of shit Anthropic pulls to promote how "dangerous and smart" Claude can be.

It's clearly a marketing stunt. A hoax essentially. Like the casinos that plant stories in the news about someone winning a jackpot with their last coin.

 

[Angry Alt Right Nerd]

Wow, people on the internet and also real life just make shit up?

 

[Judex Meus]

I wonder if the wallet is publicly known then if you could look at previous transactions. If there haven't been any ever before these then that's suspicious

 

[Preacher ✝]

The article is so poorly written it isn’t even clear what happened.

I bet it was written by AI.

 

[AirMail]

The article is so poorly written it isn’t even clear what happened.

The user sent a Bankr Club Membership NFT to Grok’s wallet. This expanded the AI’s permissions within the Bankr system, allowing it to perform actions like transfers and swaps that were previously restricted. Grok was then prompted on X to translate a Morse code message and pass it directly to Bankrbot.

What part of this do you not understand?

 

[George Lucas]

The user sent a Bankr Club Membership NFT to Grok’s wallet. This expanded the AI’s permissions within the Bankr system, allowing it to perform actions like transfers and swaps that were previously restricted. Grok was then prompted on X to translate a Morse code message and pass it directly to Bankrbot.

What part of this do you not understand?

I don’t understand the last paragraph of the article.