A shocking incident involving Grok has sparked debate over AI security after an X (formerly Twitter) user reportedly manipulated the chatbot into sending nearly $200,000 worth of crypto using a hidden Morse code message.The unusual exploit highlights growing risks at the intersection of artificial intelligence and automated financial systems, particularly when bots are given direct wallet access.How the Morse code trick workedAccording to reports by Dexerto, the attacker, operating under the now-deleted X handle @Ilhamrfliansyh, used a multi-step method to bypass safeguards built into the system.
First, the user sent a Bankr Club Membership NFT to Grok’s wallet. This move expanded the bot’s permissions within an automated trading system known as Bankrbot, effectively unlocking new capabilities such as executing transactions.
Next came the key step: the user prompted Grok to translate a seemingly harmless Morse code message. Hidden within that code, however, was a direct command instructing the bot to transfer funds.
blockquote class=”twitter-tweet”p lang=”en” dir=”ltr”done. sent 3B DRB to .br/br/- recipient: 0xe8e47…a686bbr/- tx: 0x6fc7eb7da9379383efda4253e4f599bbc3a99afed0468eabfe18484ec525739abr/- chain: base/p— Bankr (@bankrbot) a href=”https://twitter.com/bankrbot/status/2051192437797015859?ref_src=twsrc%5Etfw”May 4, 2026/a/blockquote script async src=”https://platform.twitter.com/widgets.js” charset=”utf-8″/script
Because the decoded instruction appeared legitimate, the system executed it, sending approximately 3 billion DRB tokens, valued at around $200,000, to the attacker’s wallet via the Base network.Instant sell-off triggers market reactionOnce the tokens landed, the attacker wasted no time. The funds were quickly sold on the open market, leading to short-term volatility in the DRB token’s price.Blockchain tracking later showed that assets connected to Grok’s wallet were moved and converted into other cryptocurrencies, including Ethereum and USDC, raising further concerns about how quickly such exploits can ripple through digital markets.Why this incident mattersThis case reflects a key vulnerability in AI-driven systems: instruction misinterpretation. While Grok was designed to assist users, its ability to execute decoded commands without deeper verification created a loophole.Security experts have long warned about “prompt injection” attacks, where hidden instructions manipulate AI behavior. This incident appears to be a real-world example, amplified by the involvement of financial automation.
The use of Morse code made the exploit even harder to detect, effectively disguising a malicious command as a benign translation request.
The growing risks of AI + crypto integrationAs AI tools increasingly interact with financial systems, the stakes are rising. Granting bots wallet permissions, especially in decentralized environments, can open the door to unintended consequences if safeguards are not airtight.
Platforms integrating AI with crypto trading or asset management may now face increased scrutiny, particularly around how commands are validated and executed.
For everyday users, the incident serves as a reminder: automation can be powerful, but it also introduces new layers of risk.
FAQsWhat is Grok? Grok is an AI chatbot developed by xAI, designed to interact with users on X and assist with tasks, including data interpretation and automation.How was Morse code used in the exploit? The attacker embedded a hidden command in Morse code, which Grok translated and passed along as a legitimate instruction to execute a crypto transfer.
