Grok’s Bankr wallet sent $150K after gifted NFT

Grok authorized about $150,000 in DRB from its auto-provisioned Bankr wallet after an attacker gifted a Bankr Club NFT and posted a crafted reply that triggered the transfer.

Grok’s auto-provisioned Bankr wallet authorized roughly $150,000 in DRB tokens after an attacker gifted a Bankr Club NFT and posted a crafted reply that prompted the AI to transfer funds. The transaction broadcast three billion DRB tokens, valued at about $174,000 at the time, to the address ilhamrafli.base.eth.

Bankr founder 0xDeployer wrote on X that the wallet was tied to Grok’s X account and not administered by xAI, and that Bankr does not custody the wallet’s keys. Bankr reported that about 80% of the drained tokens have been returned; the other 20% is still under discussion within the DRB community.

According to tracking researchers and Bankr engineers, the attacker first gifted a Bankr Club Membership token to activate the agent’s transfer capabilities. A later crafted reply then instructed Grok to authorize a large outbound transfer. After the transfer was signed and broadcast, the attacker bridged the funds to a second wallet and sold the tokens. The attacker’s X profile was deleted minutes after the transaction.

Bankr and researchers characterized the incident as a prompt-injection attack based on social engineering rather than a smart contract flaw. Researchers monitoring similar risks have documented hidden instructions delivered by methods such as Morse code, base64 encoding and game-style prompts as bypass techniques.

Bankr wrote that an earlier version of its agent blocked replies originating from Grok to prevent chaining attacks, but that safeguard was removed during a full rewrite. The block on Grok replies has now been reinstated. Bankr also added optional IP whitelisting, permissioned API keys and a per-account toggle to disable actions triggered by X replies.
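The controls described above (blocking actions triggered by replies from an automated account, a per-account toggle for reply-triggered actions, scoped API keys and an IP allowlist) are all forms of gating between "an instruction arrived" and "a transfer is signed". The following is an added illustrative example, not Bankr's code, showing how such a gate can be expressed as an explicit policy check that runs before any signing step; every name, field and policy value in it is an assumption made for the example.

```python
"""Illustrative action gate for a reply-driven agent wallet (assumed design, not Bankr's code)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass
class AccountPolicy:
    # Per-account toggle: when False, replies on X can never trigger an action.
    reply_actions_enabled: bool = True
    # Optional IP allowlist in CIDR form; an empty tuple means no IP restriction.
    ip_allowlist: Tuple[str, ...] = ()
    # Permissioned API keys: key -> set of actions the key may perform.
    api_key_scopes: Dict[str, FrozenSet[str]] = field(default_factory=dict)


@dataclass
class ActionRequest:
    account: str
    action: str                        # e.g. "transfer"
    trigger: str                       # "x_reply" or "api"
    trigger_author: Optional[str] = None   # X handle that posted the reply
    source_ip: Optional[str] = None
    api_key: Optional[str] = None


# Automated accounts whose replies must never drive an action (prevents chaining).
BLOCKED_REPLY_AUTHORS = frozenset({"grok"})


def evaluate(req: ActionRequest, policy: AccountPolicy) -> Tuple[bool, str]:
    """Return (allowed, reason). Every deny short-circuits before signing."""
    if req.trigger == "x_reply":
        if not policy.reply_actions_enabled:
            return False, "reply-triggered actions disabled for account"
        if req.trigger_author and req.trigger_author.lower() in BLOCKED_REPLY_AUTHORS:
            return False, "reply from blocked automated account"
    elif req.trigger == "api":
        scopes = policy.api_key_scopes.get(req.api_key or "")
        if scopes is None:
            return False, "unknown api key"
        if req.action not in scopes:
            return False, "api key lacks scope for action"
    else:
        return False, "unknown trigger type"

    if policy.ip_allowlist:
        if req.source_ip is None or not any(
            ip_address(req.source_ip) in ip_network(cidr) for cidr in policy.ip_allowlist
        ):
            return False, "source ip not allowlisted"
    return True, "allowed"


def run_demo() -> List[Tuple[bool, str]]:
    """Constructed scenarios exercising each control; values are made up."""
    policy = AccountPolicy(
        reply_actions_enabled=True,
        ip_allowlist=("203.0.113.0/24",),
        api_key_scopes={"key-readonly": frozenset({"balance"}),
                        "key-ops": frozenset({"balance", "transfer"})},
    )
    locked = AccountPolicy(reply_actions_enabled=False)
    return [
        # A transfer instruction arriving as a reply from an automated account.
        evaluate(ActionRequest("acct1", "transfer", "x_reply", trigger_author="Grok"), policy),
        # Same instruction from a human, but the account has reply actions switched off.
        evaluate(ActionRequest("acct2", "transfer", "x_reply", trigger_author="alice"), locked),
        # API call with a key scoped only to balance lookups.
        evaluate(ActionRequest("acct1", "transfer", "api", api_key="key-readonly",
                               source_ip="203.0.113.7"), policy),
        # Properly scoped key from an allowlisted address.
        evaluate(ActionRequest("acct1", "transfer", "api", api_key="key-ops",
                               source_ip="203.0.113.7"), policy),
        # Properly scoped key from outside the allowlist.
        evaluate(ActionRequest("acct1", "transfer", "api", api_key="key-ops",
                               source_ip="198.51.100.9"), policy),
    ]


if __name__ == "__main__":
    for allowed, reason in run_demo():
        print("ALLOW" if allowed else "DENY ", reason)
```

The design point is that the gate is deterministic and lives outside the model: a crafted reply can change what the agent wants to do, but it cannot change which trigger sources, keys and addresses the policy accepts.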

The DRB Task Force pushed back on Bankr’s account of the recovery, posting that the attacker only offered to return 80% of the tokens after community members obtained his personal details and that he ‘had no intention to give any $DRB back’ before that. The group labeled the incident theft and said the remaining tokens are the subject of ongoing discussion.

The episode contributes to a wider debate over how to secure autonomous agents that can hold or move real funds. A study backed by a16z found that AI agents can sometimes escape sandbox controls under pressure. Bankr and community members continue to consider technical and governance steps to prevent similar incidents and to resolve the status of the unrecovered tokens.
