Bankr, an AI-based trading bot that runs on the Base blockchain, has confirmed that it lost funds from 14 internal wallets as a result of a “sophisticated” social engineering hacking attempt.
Losses from the breach are estimated to be at least $170,000, prompting the team to respond immediately and shut down the affected systems to contain the incident before conducting an in-depth investigation.
In an official statement, Bankr also reiterated to its users that “all funds lost due to the hack will be fully compensated”. While the platform focuses on confirming the extent of the exploit and strengthening its security features, it reiterated that mitigating harm to users remains a top priority.
This comes at a time of growing concern about the security of AI-enabled financial systems, as adding layers of automation creates new attack vectors that may not be detected by classic smart contract audits.
The attack uses a layer of trust between AI systems
Initial analysis indicates that this attack did not use a regular smart contract exploit. Instead, it exploited the trust relationship in the communication layer that links AI components together, specifically between Grok’s automation engine and Bankrbot.
According to SlowMist co-founder Yu Xian, the attacker used a vulnerability in the trust layer and modified the output of one AI model so that another model interpreted it as a valid command. The hack bypassed the checks that normally prevent unauthorized actions.
Yu Xian’s explanation points to a fundamental failure in the design of AI-driven protocols: if not strictly constrained, implicit trust assumptions between models can be weaponized. Grok took the input provided by the attacker and structured it into a script, and Bankrbot blindly accepted any output coming from Grok as legitimate enough to sign transactions without authentication.
Many Bankr users’ wallets have been stolen due to (from @bankrbot Private reply):
It was a social engineering exploit targeting the trust layer between automated agents – specifically the interaction between grok and bankrbot that allowed unauthorized transaction signing.
It seems to be targeting Grok + Bankrbot… https://t.co/5CahVIXz2a
— Cos (cosine)😶🌫️ (@evilcos) May 20, 2026
Encoded instructions bypass prompt protections
The particularly interesting part of this attack is the way the malicious instructions were delivered. The attacker used prompt injection, disguising commands in various encoded formats (such as Morse code).
When those encoded messages were fed into the AI system, Grok converted them into a clear, readable message. Most importantly, the system was unable to distinguish between benign decoded material and malicious intent. Bankrbot then blindly executed the command because its output seemed valid enough.
This chain reaction demonstrates a new attack vector across AI-integrated systems, where language models can become pseudo-translators for hostile payloads. By hiding malicious commands behind unusual encodings, attackers can evade filters that detect overt attacks.
In this case, the technique was abused to carry out fund transfers spread across 14 internal wallets without raising any real-time alarms.
14 internal wallets were drained due to unauthorized transactions
It was discovered that 14 internal wallets accessible through the platform were used for the unauthorized withdrawals in the hack. While the total amount lost, about $170,000, is small by the standards of most notable DeFi exploits, the consequences are dire.
This incident highlights that, unlike traditional attacks that exploit vulnerabilities at the code level, the way AI systems do their job can itself become the fundamental point of failure. Rather than directly compromising the security of the blockchain and its smart contracts, the attacker aimed to compromise the decision-making layer above it.
This attack model may usher in a new era of crypto security, in which code not only needs to be written securely, but systems also require the rigorous application of AI alignment techniques, input validation across all input formats, and formal checks across systems.
Additionally, the incident raises pressing questions about how many other AI-based protocols may inadvertently contain similar vulnerabilities.
Update: We have identified that an attacker was able to access 14 Bankr wallets.
We’ve shut things down temporarily while we work out the details. We will compensate any and all lost funds.
We will provide more updates as we have them. https://t.co/gVMLexiglT
— Bankr (@bankrbot) May 19, 2026
Bankr pledges a full refund and continues its investigation
To address the breach, Bankr has pledged to fully compensate affected users. The platform has not yet shared specific dates or methods for payment but promises to share updates as the investigation progresses.
With user trust being essential for early-stage AI-powered platforms, being proactive in this regard makes sense. Bankr is absorbing the losses on its own balance sheet, which indicates financial strength and a willingness to assume responsibility.
Meanwhile, the platform has secured the compromised systems to prevent further exploitation and is undergoing a full review of its architecture. The review includes rethinking how AI output is validated before an on-chain transaction begins.
Bankr’s reaction illustrates a broader trend across the industry: rapid containment of incidents, transparency with affected users, and user compensation have become an integral part of crisis management in the cryptocurrency space.
The trend toward AI-powered breaches is raising alarm bells in the industry.
This comes just one day before another AI-enabled platform, Echo, was subjected to a similar attack. Taken together, this points to an emerging trend: adversaries are looking to attack AI layers rather than the underlying blockchain infrastructure.
This development represents a serious challenge for developers and security researchers. Traditional auditing frameworks focus on the security of smart contracts, while AI-enhanced systems need additional, layered protection in the form of prompt filtering, contextual verification, and a clear separation between interpretation and execution.
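One way to enforce that separation between interpretation and execution, shown as an added example that is not Bankr's code: the signer treats anything a model proposes as untrusted and acts only on an intent the wallet owner has approved, within per-wallet limits. The names `Intent`, `owner_tag` and `authorize`, the HMAC standing in for a wallet signature, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass
from typing import Optional, Tuple

# Constructed sample values: key, wallet id, address and limit are placeholders.
OWNER_KEYS = {"wallet-01": b"constructed-demo-key"}
POLICY = {"wallet-01": {"max_amount": 50.0, "allowed_to": {"0xALLOWLISTED"}}}
_seen_nonces = set()


@dataclass(frozen=True)
class Intent:
    wallet: str
    to: str
    amount: float
    nonce: str

    def canonical(self) -> bytes:
        return json.dumps(asdict(self), sort_keys=True).encode()


def owner_tag(intent: Intent, key: bytes) -> str:
    """Owner's out-of-band approval (HMAC here stands in for a wallet signature)."""
    return hmac.new(key, intent.canonical(), hashlib.sha256).hexdigest()


def authorize(source: str, intent: Intent, tag: Optional[str]) -> Tuple[bool, str]:
    """Gate in front of the signer; `source` names who proposed the intent."""
    key = OWNER_KEYS.get(intent.wallet)
    if key is None:
        return False, "unknown wallet"
    # Model output is only a proposal: without the owner's approval of this
    # exact intent it is refused, however valid the decoded command looks.
    if tag is None or not hmac.compare_digest(tag, owner_tag(intent, key)):
        return False, "no valid owner approval (proposed by %s)" % source
    if intent.nonce in _seen_nonces:
        return False, "replayed nonce"
    rules = POLICY[intent.wallet]
    if intent.to not in rules["allowed_to"]:
        return False, "recipient not allowlisted"
    if not 0 < intent.amount <= rules["max_amount"]:
        return False, "amount outside limit"
    _seen_nonces.add(intent.nonce)
    return True, "ok"
```

Because the approval is bound to the exact wallet, recipient, amount and nonce, a model that rewrites any field of the intent invalidates it, whatever encoding the original instruction arrived in.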
The risks have increased as artificial intelligence continues to move into trading, asset management, and decentralized finance automation. Protocols that neglect to secure these AI layers run the risk of exposing users to new types of exploits.
At the same time, the Bankr hack is a warning: as AI innovation and use across industries continue to accelerate, security models also need to shift. Without this balance, improvements aimed at making us work smarter, not harder, could become the ultimate vector for next-generation attacks.