How AI was tricked into stealing $150,000 from Grok’s wallet

[ad_1]

The Grok bank wallet was drained, which was automatically set to about 150,000 dollars from the rum, after the DR attacker used a non-fungible token (NFT) and a coded response to trigger the transfer.

The founder of the 0xDeployer bank said that the wallet does not have a manager in xAI and was completely managed by the wallet. About 80% of the money has been returned to the bank since then.

جروك’s wallet drained 150,000 dollars in a rush to inject money into the bank

Instagram of the banking club that enabled the full transfer capabilities of the location. رد مصاغ, تم دلته الساقته, وجه جروك بتفويض big foreign transaction.

The bank took over and transferred three billion DRB tokens, worth approximately $174,000 to the attacker.

“Every account is an exception. The account controls the portfolio. DRB transfer to Bankr”, as explained The team in the manifesto.

The money was quickly transferred to a second wallet and sold, and the file of the attack X was deleted from the page.

This exploitation extended to social engineering instead of a defect in the smart contract. Researchers who track customer risks have pointed to the likes of hidden learning, hidden customer risks, base64 encryption, and game-style hacking as common hacking techniques.

the response of the bankers and the defense of the DRB

he said 0xDeployer If the previous version of proxy banker was blocking responses from Grok to prevent chained LLM-to-LLM injections. However, this warranty is waived during the full rewrite. A stricter ban has now been re-imposed.

The DRB task force objected to the banker’s attack, saying that the attacker was only trying to restore the banker’s personal data.

U @grok scammers repeat the same thing. Trying to create noise to block the fact that the guy stole $150k.

He had no intention of giving it $ DRB back and did not offer to send the 80% until we had his personal information. https://t.co/tNze6OejS3

— $DRB Task Force (@DRBTaskForce) May 4, 2026

The group described the case as outright theft, and the debate continues around the 20% of the DRB complex.

அக்கை ஬ைக்குக்கு பாட்டு பாட்டு புட்டிக் (IP), ومرفاتيح جب جب العملية (API) والمعلومة, وخير تحميل كامل كامل disables the actions that trigger it.

add this issue to the broader picture about how to secure it Independent agents who own real money after a recent study supported by a16z Artificial intelligence agents can escape the sandbox regulations under pressure

[ad_2]

Source link