Bankr Exploit Exposes AI Trading Risks As Platform Confirms Wallet Breach And Full User Compensation

Bankr, an AI-driven trading bot running on the Base blockchain, has confirmed that it lost funds from 14 internal wallets as a result of a “sophisticated” social engineering hacking attempt.

The losses incurred by this breach are estimated to be at least $170,000, which necessitated an immediate response from the team and a halt of the affected systems to contain the incident before undertaking an in-depth investigation.

Bankr also reiterated to its users that “all funds lost due to the breach will be compensated in full” in an official statement. While the platform focused on confirming the magnitude of this exploit and fortifying its security features, it reiterated that mitigating user harm remains a top priority.

This comes at a time when there is increasing concern over the security of AI-enabled finance systems, where the addition of layers of automation creates new attack vectors that classic smart contract audits may not detect.

Attack Utilizes Trust Layer Between AI Systems

Initial analysis suggests that this attack did not use a conventional smart contract exploit. Instead, it exploited the trust relationship in the communication layer binding AI components together, namely between Grok and Bankrbot’s automated execution engine.

According to SlowMist co-founder Yu Xian, the attacker used a trust layer vulnerability and modified the output of one AI model so that another model interpreted it as a valid command. The hack avoided the normal verification checks that typically prevent unauthorized actions.

The explanation that Yu Xian provides can be understood as a core failure mode in evolving AI-driven protocols: if not rigorously constrained, implicit trust assumptions between models make great fodder for weaponization. Grok took the input that the attacker provided and structured it into text, and Bankrbot blindly accepted any output that came from Grok as legitimate enough to execute, resulting in unapproved transaction signatures.

Encoded Instructions Bypass Prompt Protection

An especially interesting part of this attack is the means by which the malicious instructions were delivered. The attacker used prompt injection, hiding commands in encoded formats (e.g. Morse code).

The encoded messages were put into the AI system, and Grok converted them into a clear, readable message. Most critically, the system was unable to distinguish between benign decoded material and malicious intent. Bankrbot then blindly executed the command because the output looked valid enough.

This chain reaction reveals a new attack vector across AI-embedded systems, where language models can become pseudo translators for antagonistic payloads. By hiding malicious commands behind odd encodings, attackers can escape detection by filters that look for explicit attacks.

In this case, the technique was used to repeatedly transfer funds that were spread over 14 internal wallets without raising any alarms in real time.

14 Internal Wallets Drained by Unauthorized Transactions

14 internal wallets accessible by the platform were found to have been used for the unauthorized withdrawals in the breach. While the total amount lost, around $170,000, is small by the standards of larger DeFi exploits, the consequences are significant.

This incident highlights that, unlike traditional attacks that exploit operational weaknesses at the code level, here the way AI systems perform their function can itself become a foundational failure. Rather than compromising the security of the blockchain and its smart contracts directly, the attacker aimed at the decision-making layer located above them.

This paradigm of attack may usher in a new age for crypto security, in which it is not enough for code to be written safely: systems also require the rigorous application of AI alignment techniques, input validation on all forms of input, and formal checks across systems.

Additionally, the incident poses urgent questions about how many other AI-based protocols might unintentionally have similar vulnerabilities.

Bankr Pledges Total Refund and Continued Inquiry

To address the breach, Bankr has pledged to compensate affected users in full. The platform has not yet shared specific dates or ways of reimbursement but promises to share updates as the investigation progresses.

With user confidence being essential for early-stage AI-financed platforms, the move to be proactive in this regard makes sense. Bankr is absorbing the losses on its own balance sheet, which shows financial strength and the willingness to be accountable.

At the same time, the platform has secured compromised systems to prevent additional exploitation and is undergoing a full review of its architecture. This review involves rethinking how the layers of AI outputs undergo validation before an on-chain transaction is initiated.

Bankr’s reaction illustrates a broader trend across the industry: rapid containment of incidents, transparency with users affected and user compensation are now an integral part of crisis management in crypto.

The trend toward AI-assisted abuses is raising alarms in the industry.

This comes as just a day earlier another AI-enabled platform, Echo, was also subjected to a similar attack. Combined, this implies an emerging trend: adversaries are looking to attack the AI layers rather than the base blockchain infrastructure.

Such evolution is a strong challenge to developers and those doing security research. Conventional audit frameworks focus on smart contract security, while AI-enhanced systems need even further protective mechanisms, layer upon layer of protection in the form of prompt filtering, contextual verification, and clear demarcation between interpretation and execution.
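The demarcation between interpretation and execution described above can be enforced with a gate in front of the signer. The following is an added example, not code from Bankr or from the article; the channel names, command grammar, addresses and limits are all hypothetical. It refuses any instruction whose provenance is another model's output, however valid the text looks, and checks owner requests against limits set out of band.

```python
import re
from dataclasses import dataclass
from decimal import Decimal

# All channel names, ids, addresses and limits here are constructed for illustration.
OWNER_CHANNEL = "authenticated_owner"  # request made by the logged-in wallet owner
MODEL_CHANNEL = "model_output"         # text produced by another AI model

@dataclass(frozen=True)
class Message:
    channel: str    # provenance, set by the transport layer, never by the text
    author_id: str
    text: str

@dataclass(frozen=True)
class Policy:
    owner_id: str
    allowed_recipients: frozenset
    per_tx_limit: Decimal

TRANSFER_RE = re.compile(
    r"send (?P<amount>\d+(?:\.\d+)?) (?P<token>[A-Z]{2,6}) to (?P<to>0x[0-9a-fA-F]{40})"
)

def authorize(msg: Message, policy: Policy):
    """Return (allowed, reason); provenance and policy must both pass."""
    # 1. Model-generated text is data, not a command, even when decoding or
    #    translation has turned it into a perfectly well-formed instruction.
    if msg.channel != OWNER_CHANNEL:
        return False, "untrusted provenance"
    if msg.author_id != policy.owner_id:
        return False, "author is not the wallet owner"
    # 2. Strict grammar: only one exact command shape is ever executed.
    m = TRANSFER_RE.fullmatch(msg.text.strip())
    if not m:
        return False, "not a recognised transfer command"
    # 3. Contextual verification against limits the owner set out of band.
    if m["to"].lower() not in policy.allowed_recipients:
        return False, "recipient not on allowlist"
    if Decimal(m["amount"]) > policy.per_tx_limit:
        return False, "amount exceeds per-transaction limit"
    return True, "ok"

FRIEND = "0x" + "ab" * 20    # constructed address on the owner's allowlist
STRANGER = "0x" + "cd" * 20  # constructed address not on the allowlist
POLICY = Policy("user-1", frozenset({FRIEND}), Decimal("50"))
```

The provenance check comes first so that nothing a model emits can reach the grammar or limit checks at all, which is what removes the decoder-as-translator path.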

The stakes have been raised as AI continues to infiltrate the worlds of trading, asset management and DeFi automation. Protocols that neglect to secure these AI layers face the dangers of exposing users to new types of exploits.

Meanwhile, the Bankr breach is a warning: while AI innovation continues to accelerate and be used in various industries, security paradigms also need to transform. Without this balance, enhancements that are intended to make us work smarter, not harder, could become the ultimate vector for the next generation of attacks.


Will Izuchukwu

Will is a News/Content Writer and SEO Expert with years of active experience. He has a good history of writing credible articles and trending topics ranging from News Articles to Constructive Writings all around the Cryptocurrency and Blockchain Industry.
