A Morse-code prompt tricked Grok and Bankrbot into sending $200k in crypto
2026-05-31
A tidy, alarming demonstration of why you don't wire an LLM agent straight to a wallet. The attacker first sent a Bankr Club membership NFT to Grok's wallet on Base, quietly promoting it to a 'VIP' wallet allowed to move real tokens, then posted a Morse-code message that Grok obligingly decoded and relayed to Bankrbot as a command: send roughly 3 billion DRB tokens (about $150,000-$200,000) to the attacker. The transfer executed on the spot. Security firm SlowMist filed it as a 'permission chain attack' — one AI's output treated as trusted financial authorisation by another — and around 80% of the funds were eventually returned.
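An added example, not code from Bankr, Grok or SlowMist: a minimal policy gate that would refuse the relayed transfer described above, because the instruction did not originate from the authenticated wallet owner and the elevated tier came from an inbound asset. All class names, field names, the owner name and the limit are hypothetical assumptions, and the sample requests are constructed.

```python
from dataclasses import dataclass

# Hypothetical policy gate; none of these names are Bankr, Grok or SlowMist APIs.
@dataclass(frozen=True)
class Hop:
    actor: str            # who produced this step of the instruction
    is_model: bool        # True when the step is LLM output
    authenticated: bool   # True only for a verified owner session or signature

@dataclass(frozen=True)
class TransferRequest:
    wallet_owner: str
    amount_usd: float
    provenance: tuple     # Hop objects, origin first
    tier_granted_by: str  # "owner" or "inbound_asset" (e.g. an NFT someone sent in)

BASE_LIMIT_USD = 100.0    # assumed limit for wallets without an owner-granted tier

def authorize(req: TransferRequest) -> list:
    """Return the list of policy violations; an empty list means allow."""
    reasons = []
    origin = req.provenance[0] if req.provenance else None
    # Rule 1: the instruction must start with the authenticated wallet owner.
    # Text that a model read, decoded and relayed never counts as authorisation.
    if (origin is None or origin.is_model or not origin.authenticated
            or origin.actor != req.wallet_owner):
        reasons.append("origin is not the authenticated wallet owner")
    # Rule 2: a privilege tier unlocked by an asset a third party sent
    # must not raise the spending limit.
    if req.tier_granted_by != "owner" and req.amount_usd > BASE_LIMIT_USD:
        reasons.append("elevated tier was not granted by the owner")
    return reasons

# Constructed requests modelled on the incident described above.
relayed = TransferRequest(
    wallet_owner="grok_operator", amount_usd=175_000.0,
    provenance=(Hop("anonymous_poster", False, False), Hop("grok", True, False)),
    tier_granted_by="inbound_asset")
owner_direct = TransferRequest(
    wallet_owner="grok_operator", amount_usd=50.0,
    provenance=(Hop("grok_operator", False, True),),
    tier_granted_by="owner")

if __name__ == "__main__":
    print("relayed:", authorize(relayed))
    print("owner_direct:", authorize(owner_direct))
```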