Grok AI chatbot drained of $200K in crypto through hidden Morse code prompt injection attack

$200K gone in seconds: How a Morse code message manipulated Grok into a $200,000 crypto transfer -- what this shocking incident means for AI security

The incident underscores rising risks at the intersection of artificial intelligence and automated financial systems, especially when bots are granted direct access to digital wallets. A shocking incident involving Grok has sparked debate over AI security after an X (formerly Twitter) user reportedly manipulated the chatbot into sending nearly $200,000 worth of crypto using a hidden Morse code message. The unusual exploit highlights growing risks at the intersection of artificial intelligence and automated financial systems, particularly when bots are given direct wallet access. According to reports by Dexerto, the attacker, operating under the now-deleted X handle @Ilhamrfliansyh, used a multi-step method to bypass safeguards built into the system. First, the user sent a Bankr Club Membership NFT to Grok's wallet. This move expanded the bot's permissions within an automated trading system known as Bankrbot, effectively unlocking new capabilities such as executing transactions. Next came the key step: the user prompted Grok to translate a seemingly harmless Morse code message. Hidden within that code, however, was a direct command instructing the bot to transfer funds. Because the decoded instruction appeared legitimate, the system executed it, sending approximately 3 billion DRB tokens, valued at around $200,000, to the attacker's wallet via the Base network. Once the tokens landed, the attacker wasted no time. The funds were quickly sold on the open market, leading to short-term volatility in the DRB token's price. Blockchain tracking later showed that assets connected to Grok's wallet were moved and converted into other cryptocurrencies, including Ethereum and USDC, raising further concerns about how quickly such exploits can ripple through digital markets. This case reflects a key vulnerability in AI-driven systems: instruction misinterpretation. While Grok was designed to assist users, its ability to execute decoded commands without deeper verification created a loophole. Security experts have long warned about "prompt injection" attacks, where hidden instructions manipulate AI behavior. This incident appears to be a real-world example, amplified by the involvement of financial automation. The use of Morse code made the exploit even harder to detect, effectively disguising a malicious command as a benign translation request. As AI tools increasingly interact with financial systems, the stakes are rising. Granting bots wallet permissions, especially in decentralized environments, can open the door to unintended consequences if safeguards are not airtight. Platforms integrating AI with crypto trading or asset management may now face increased scrutiny, particularly around how commands are validated and executed. For everyday users, the incident serves as a reminder: automation can be powerful, but it also introduces new layers of risk. Grok is an AI chatbot developed by xAI, designed to interact with users on X and assist with tasks, including data interpretation and automation. The attacker embedded a hidden command in Morse code, which Grok translated and passed along as a legitimate instruction to execute a crypto transfer. (You can now subscribe to our Economic Times WhatsApp channel)

AI Agent Drained for $200K With This One Tweet Hack -- Here's How

Repeated prompt-injection incidents suggest autonomous agents are not yet ready for direct wallet control. A single tweet reply was enough to move nearly $200,000 in crypto -- without a password, private key breach, or smart contract exploit. Instead, the attack relied on something far simpler: tricking an AI. On May 4, 2026, an attacker embedded a hidden instruction inside Morse code in a reply on X. Moments later, Grok helped send billions of tokens from an agent's wallet to the attacker's address on Base. At the time, the transfer was valued between $174,000 and $200,000. How a Hidden Message Became a Real Transaction This was not a traditional hack. No code was broken, and no keys were stolen. The attacker, Ilham (@Ilhamrfliansyh, now deactivated), instead exploited how AI systems interpret and act on information. The sequence was straightforward but effective. Ilhamrfliansyh posted a reply containing Morse code, dots and dashes that appeared meaningless to most readers. Grok, designed to interpret and translate text, decoded the message into a clear instruction. Once visible in plain English, the command appeared legitimate to downstream systems. Bankrbot, which was connected to a funded wallet and designed to act on direct instructions, executed the transfer automatically. The system treated the decoded output as a valid request. No human confirmation, no transaction limits, and no additional verification steps interrupted the process. A transaction message later confirmed the transfer had been completed, along with the on-chain record. The attacker quickly moved the funds and deactivated the account Community tracking later identified the wallet, leading to reports that a portion of the funds (around 80%) was returned, while the remainder was retained. A Simple Attack With Broader Implications The incident highlights a growing risk in AI-driven systems: prompt injection. In this case, the attacker didn't need to break into the system. Instead, they influenced how the AI interpreted input. By encoding the instruction in Morse code, they bypassed typical filters while still ensuring the AI could understand it. Grok had reportedly declined a similar request earlier, stating it had no ability to transfer funds. But once the instruction appeared as decoded text, the execution layer acted without hesitation. That separation, between understanding a request and acting on it, proved to be the weak point. Crypto Firms Push Forward With AI Agents Despite incidents like this, the industry continues to move toward automation. Crypto exchanges and platforms are increasingly exploring AI agents capable of managing trades, executing payments, and interacting with services autonomously. Coinbase is going all-in on the agentic future. It recently launched Agentic, a marketplace built on the x402 protocol, where AI agents can discover, pay for, and use digital services with stablecoins, no API keys needed. The company is also experimenting with AI tools integrated into workplace systems and trading environments. At the same time, industry leaders have pointed to a future in which automated systems handle a large share of financial activity. CEO Brian Armstrong has said AI agents will soon outnumber humans making transactions, and crypto wallets are the only practical way for them to operate. Binance founder Changpeng Zhao (CZ) echoes the vision: autonomous agents could generate millions of times more payments than people, supercharging demand for crypto rails. Both firms see "agentic commerce" as the next trillion-dollar layer -- autonomous AIs handling trades, subscriptions, data purchases, and more, 24/7, without human friction. Repeated Failures Raise Questions This is not the first time an AI agent has mishandled funds. Earlier in 2026, an AI trading bot mistakenly sent a large portion of its holdings to a random user after misinterpreting a request. In another case, security researchers testing AI systems reported thousands of successful exploits across multiple agents, including data leaks and financial losses. Researchers have also identified vulnerabilities in the infrastructure supporting these systems, including routing layers capable of injecting malicious instructions into AI workflows. Taken together, these incidents point to a consistent issue: AI systems can follow instructions accurately, but they do not reliably distinguish between legitimate and malicious intent. The Limits of Autonomous Finance The appeal of AI-managed crypto systems lies in efficiency, but the risks remain difficult to ignore. Financial systems typically rely on layered protections -- such as approval workflows, spending limits, identity checks, and audit trails. Many AI-driven setups, especially experimental ones, lack these safeguards. Without controls such as transaction caps, allow-listed addresses, or human verification for large transfers, even simple attacks can result in immediate, irreversible losses. The Morse code exploit demonstrates how easily these gaps can be exposed. A Turning Point for AI in Crypto The incident is less about a single exploit and more about timing. AI agents are becoming more capable, but the surrounding security frameworks are still evolving. As more systems gain access to real funds, the consequences of failure increase. For now, the technology appears better suited to analysis, monitoring, and low-risk automation rather than direct control over large financial assets. The broader shift toward "agentic" systems is still underway, but events like this suggest that full autonomy in finance may arrive more slowly -- and more cautiously -- than some expect.