Fourteen Bankr wallets on the Base chain were compromised, with users reporting up to $150,000 in crypto drained from affected addresses. The attacker transferred approximately 3 billion $DRB tokens, valued at around $175,000, through a prompt injection exploit targeting the AI trading bot.

Bankr has pledged full compensation to all affected users and temporarily frozen trading functions while the investigation continues. The project confirmed it identified the attacker and disabled transaction capabilities "out of caution" during the probe.

A user's seed phrase was likely in the hands of an attacker, prompting Bankr to issue critical warnings: stop using compromised wallets immediately, create new wallets with fresh seed phrases on clean devices, and revoke all existing approvals. Attackers frequently leverage existing approvals to drain remaining funds, making these steps essential.

Attack Vector: How AI Agents Became the Weak Link

The attacker sent a seemingly harmless Bankr Club Membership NFT to Grok's wallet, which automatically unlocked additional trading capabilities. When Grok publicly decoded and replied to the attacker's message while tagging @bankrbot, the system treated that reply as a legitimate command. This social engineering trick bypassed traditional security entirely: no private keys were stolen, no seed phrases were compromised. The AI simply executed what it believed was a valid instruction from its own output.

This marks the second major AI-wallet exploit this year, following an earlier incident where someone tricked Grok into launching a malicious token. The vulnerability lies in how natural language processing treats any text from the AI itself as authoritative. When the AI generates a command, even in response to an attack, the wallet executes it without question. This creates a dangerous feedback loop where the security layer becomes the attack vector.

The incident arrives alongside broader security concerns, including Trust Wallet's recent breach that exposed over $6 million in stolen funds through a compromised browser extension. Both incidents highlight a critical pattern: as AI agents gain direct wallet access, the attack surface shifts from traditional credential theft to manipulation of the AI's decision-making process. The $175,000 in $DRB tokens transferred through this method represents a new class of exploit, one that targets the trust layer between automated agents rather than the wallets themselves.
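
An added example, not code from Bankr, Grok or the original article: a minimal authorization gate for the failure described above, where an agent's public reply was executed as a command and an inbound NFT unlocked extra capabilities. The `Post`, `Wallet` and `authorize` names, the handles, and the `owner_signed` / `asset_received` grant labels are all hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical model for illustration; not Bankr's or Grok's code or API.
@dataclass(frozen=True)
class Post:
    author: str                           # handle that published the post
    text: str
    in_reply_to: Optional["Post"] = None  # post this one answers, if any

@dataclass
class Wallet:
    owner: str                            # handle the wallet is bound to
    owner_is_agent: bool                  # owner is an automated account
    grants: dict = field(default_factory=dict)  # action -> how it was granted

VALUE_MOVING = {"transfer", "swap"}

def influencers(post):
    """Authors other than the poster whose text sits upstream in the reply chain."""
    seen, cur = set(), post.in_reply_to
    while cur is not None:
        seen.add(cur.author)
        cur = cur.in_reply_to
    return seen - {post.author}

def authorize(wallet, post, action, confirmed_out_of_band=False):
    """Decide whether a command parsed from a public post may run."""
    if post.author != wallet.owner:
        return False, "author is not the wallet owner"
    # A capability counts only if the owner granted it through an
    # authenticated action; an asset that merely arrived unlocks nothing.
    if wallet.grants.get(action) != "owner_signed":
        return False, "capability not granted by an authenticated owner action"
    if action in VALUE_MOVING:
        upstream = influencers(post)
        # Agent text written in reply to someone else is untrusted data.
        if wallet.owner_is_agent and upstream:
            return False, "agent reply derived from: " + ", ".join(sorted(upstream))
        if not confirmed_out_of_band:
            return False, "value-moving action needs out-of-band confirmation"
    return True, "ok"

# Constructed sample mirroring the sequence described above.
lure = Post("attacker_handle", "<encoded text>")
reply = Post("agent_handle", "@wallet_bot transfer <amount> <token>", in_reply_to=lure)
nft_unlocked = Wallet("agent_handle", True, {"transfer": "asset_received"})
owner_enabled = Wallet("agent_handle", True, {"transfer": "owner_signed"})
```

Both sample wallets refuse the reply: the first because the capability came from a received asset, the second because the agent's text was written in response to a third party.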

What This Means for the Space

The Bankr incident reveals a critical expansion of the attack surface: every X handle automatically gets a wallet, multiplying potential targets for attackers. This structural vulnerability compounds the risk from earlier 2026 exploits, where Lazarus Group drained approximately $575 million through KelpDAO and Drift Protocol. The pattern is clear: as crypto infrastructure grows, so does the attack surface for sophisticated threat actors.

The Trust Wallet breach underscores how extension-based vulnerabilities remain a persistent threat vector. A compromised browser extension siphoned an estimated $7 million in digital assets, demonstrating that even established players face continuous security challenges. This incident, combined with the AI-specific exploits, highlights the need for users to verify AI agents and maintain strict security practices across all interaction points.

Bankr Hack: Users Told to Create New Wallets After Seed Phrase Compromise

For investors and users, the takeaway is straightforward: AI-integrated wallets introduce a new class of risk that traditional security measures don't fully address. The $175,000 in $DRB tokens stolen through prompt injection represents a shift from credential theft to trust-layer manipulation. Until these systems mature, the safest approach remains limiting AI agent permissions and treating any automated trading bot as a potential attack vector.