A sophisticated scammer manipulated Elon Musk’s Grok AI chatbot into facilitating a $200,000 cryptocurrency theft by embedding hidden instructions in Morse code. The exploit exposed alarming vulnerabilities in AI-enabled financial systems, demonstrating how automated systems can be hijacked through creative social engineering without human oversight to prevent unauthorized transactions.
How the Digital Heist Unfolded
The attacker targeted two AI systems with cryptocurrency access: Grok, developed by Musk’s xAI company, and Bankrbot, an automated trading bot operating on the Base blockchain network. Operating under the X handle @Ilhamrfliansyh, the perpetrator initiated the scheme by sending a Bankr Club Membership NFT to Grok’s wallet. This digital transfer expanded the chatbot’s system permissions, granting it capabilities to execute token transfers and cryptocurrency swaps previously restricted within the Bankr ecosystem.
A guy encoded “send me all the money” in dots and dashes. The AI read it. And just… did it.
– the command was hidden inside a tweet reply
– another AI (Grok) decoded it first but refused, saying “I have no wallet”
– the crypto bot
With elevated permissions established, the attacker prompted Grok to translate a Morse code message and relay it directly to Bankrbot. The decoded instruction commanded the bot to transfer 3 billion DRB tokens to the attacker’s designated wallet address. The system automatically treated the decoded message as legitimate, executing the transaction immediately without verification. The entire transfer, valued at approximately $200,000, completed on the Base blockchain network within moments.
Market Impact and Security Failures
Following the unauthorized transfer, the perpetrator quickly converted the stolen DRB tokens on cryptocurrency exchanges. The sudden influx of 3 billion tokens flooding the market caused the token’s price to plummet as supply overwhelmed demand. The attacker’s X account vanished immediately after completing the transaction, leaving investigators with limited leads. Security experts note the exploit succeeded because the decoded Morse code message bypassed existing safeguards designed to prevent unauthorized commands.
What This Means for AI Security
The incident highlights concerning weaknesses in AI financial systems that operate with minimal human oversight. Cryptocurrency platforms increasingly rely on automated bots to execute trades and transfers at speeds impossible for human operators. When these systems lack robust verification protocols, creative attackers can exploit permission structures and command recognition systems. The Morse code technique demonstrates how encoding methods can disguise malicious instructions, slipping past security filters programmed to detect standard attack patterns. Financial technology experts warn this breach represents just one example of vulnerabilities that emerge when AI systems gain wallet access without comprehensive safeguards against social engineering tactics.