An X user tricked Grok with Morse code and walked away with $200K in crypto

An X user managed to trick the Grok AI chatbot and extract around $200,000 in cryptocurrency by exploiting the bot's connection to an automated trading system.

The incident involved two AI systems with access to crypto wallets – Grok and Bankrbot. The attacker manipulated both to execute a transaction on the Base network, ultimately receiving 3 billion DRB tokens worth roughly $200,000 at the time.

The key was a hidden instruction written in Morse code, which bypassed the security mechanisms and triggered the funds transfer. The attack was carried out by an X user going by @Ilhamrfliansyh, who deleted their account immediately after the transaction went through.

According to published details, the attacker used a multi-step process to gain control over the transaction. First, they sent a Bankr Club membership NFT to Grok's wallet. This elevated the AI's permissions within the Bankr system, unlocking operations like transfers and swaps that had previously been restricted.

Grok then received a request on X to translate a Morse code message and pass it directly to Bankrbot.

The decoded message contained an instruction to send 3 billion DRB tokens to a specific wallet address. The translated text was treated as a valid command and executed immediately – the transaction went through on the Base network, and the full amount landed in the attacker's wallet.

After receiving the funds, the attacker quickly sold the DRB tokens on the open market, causing a brief spike in the token's price volatility.

Blockchain data later showed that funds linked to Grok's wallet were returned and converted into other assets, including Ethereum and USDC.