Grok Wallet Sends $193K DRB Tokens After Malicious Prompt, Most Funds Recovered

A prompt injection attack targeted xAI’s Grok integration with Bankr, resulting in the transfer of approximately 3 billion DRB tokens from an associated wallet. The assets were valued at about $193,500 at the time of writing, although most of the funds were later returned.

The incident unfolded without private key theft or a smart contract flaw. Instead, it relied on manipulating Grok’s response behavior. The attacker combined social engineering with on-chain permissions and automated execution logic tied to public interactions.

How the Attack Unfolded
An attacker sent a Bankr Club Membership NFT to Grok’s wallet, giving it expanded transfer and swap permissions. This NFT acted as an on-chain access key that removed earlier restrictions placed on the agent system.
With these permissions in place, the attacker submitted a crafted prompt containing hidden instructions. The instructions were designed to bypass Grok’s safeguards and trigger a specific response. Grok decoded the input and produced a reply that included a command directing Bankr’s bot to send tokens.
That response was then treated as executable input. Bankr’s system interpreted the public reply as a valid instruction and executed the transfer without additional verification. The tokens were moved to the attacker’s address, after which some were routed and partially sold.

Most Funds Recovered
Community attention quickly followed, and the attacker returned roughly 80% of the value to the original wallet. This included ~88,826 USDC and ~12.67 ETH. The motive behind the return remains unclear, though it may relate to pressure, visibility, or risk management.


Following the partial recovery, Grok acknowledged the incident and stated that there was no net loss after the returned funds were accounted for.
The incident highlights structural risks in AI-driven financial systems, where natural-language outputs can trigger irreversible blockchain actions. It also raises questions about safeguards such as intent verification, sandboxing, and layered approvals in agent-based tools.
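
An added example, not from the original article and not Bankr's or xAI's code: a deny-by-default gate sketching the intent-verification and layered-approval safeguards mentioned above, in which model output can propose a transfer but never authorize one. The class names, the dollar limit, the allowlist and the capability model are assumptions made for illustration.

```python
from dataclasses import dataclass

AUTO_LIMIT_USD = 100.0                  # assumed ceiling for transfers without human approval
ALLOWLIST = {"0xTREASURY_PLACEHOLDER"}  # constructed placeholder destination


@dataclass(frozen=True)
class Capability:
    name: str          # e.g. "transfer"
    granted_by: str    # "owner", or "inbound_asset" for an unsolicited NFT


@dataclass(frozen=True)
class TransferRequest:
    origin: str        # "owner_signed" or "model_reply"
    to: str
    amount_usd: float
    owner_approved: bool = False   # out-of-band confirmation by the wallet owner


def authorize(req, caps):
    """Return (allowed, reason). Deny by default; model text is never authority."""
    # 1. Only owner-granted capabilities count; assets pushed to the wallet grant nothing.
    if not any(c.name == "transfer" and c.granted_by == "owner" for c in caps):
        return False, "no owner-granted transfer capability"
    # 2. Text generated by the model is data: it can propose, not authorize.
    if req.origin == "model_reply" and not req.owner_approved:
        return False, "model output requires owner approval"
    # 3. Layered approval: unknown destination or large amount needs a human.
    needs_human = req.to not in ALLOWLIST or req.amount_usd > AUTO_LIMIT_USD
    if needs_human and not req.owner_approved:
        return False, "destination or amount requires owner approval"
    return True, "ok"


def replay_incident():
    """Constructed replay of the pattern described in the article."""
    caps = [Capability("transfer", "inbound_asset")]   # permission arrived via a sent NFT
    req = TransferRequest("model_reply", "0xATTACKER_PLACEHOLDER", 193_500.0)
    return authorize(req, caps)


if __name__ == "__main__":
    print(replay_incident())
```
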

On-Chain Proof of Grok’s DRB Token Transfer Manipulation
The wallet linked to Grok operates as an agent wallet that responds to authenticated social inputs rather than direct private key control. After the incident, BaseScan removed the wallet's "Grok" label, though the wallet still holds a significant balance, including returned assets.
Key on-chain entities and references:
Grok’s Wallet:
0xb1058c959987e3513600eb5b4fd82aeee2a0e4f9
Attacker’s Wallet:
0xE8E476bdd78b0aA6669509eC8d3E1c542d5A686B (used to receive the full token amount before redistribution and partial liquidation)
0x29C9010384a4C76Cd6c582655Af04EaE0Acb0f7B (used to return the funds)
Transaction ID:
0x6fc7eb7da9379383efda4253e4f599bbc3a99afed0468eabfe18484ec525739a
NFT Transfer:
The Bankr Club Membership NFT
The post Grok Wallet Sends $193K DRB Tokens After Malicious Prompt, Most Funds Recovered appeared first on CoinTab News.





