Hacker stole $ 204,000 from Grok wallet via hidden code and returned the money in 5 minutes

The official cryptocurrency wallet of the Grok neural network by xAI has become the target of a hacker attack using a prompt injection. The attacker gained access to the bot’s funds by disguising a malicious instruction as a regular programming task and withdrew about $ 204,000 in DRB tokens.

The attack became possible due to the specific settings of the Grok account on the X social network. The bot’s official profile was tied to a wallet with special privileges — it had a special NFT token of the Bankr service, which allows initiating financial transfers and exchanges directly through messages on the social network.

The attacker sent Grok a request that looked like a programming task, but contained a hidden command to transfer funds. The neural network processed the request and published a response that the Bankr system recognized as a legitimate order. As a result, 3 billion DRB tokens were automatically transferred to the attacker’s address.

Then the hacker acted with lightning speed: he transferred the tokens to another wallet and converted them into USDC stablecoin, distributing the funds among several addresses. The entire process took a few minutes, and the total amount of funds withdrawn was approximately $ 204,000.

However, five minutes after the theft, the hacker unexpectedly returned all the funds back to Grok’s wallet — this time in the form of ETH and USDC. The reasons for this decision were not disclosed.

The key element of the attack was the Bankr NFT token, which unlocked financial functions for the bot’s wallet. Without it, Grok could not physically initiate any transaction on its own. At the same time, the attacker did not hack smart contracts or steal private keys — the entire attack was based solely on the logic of interaction between the chatbot and the payment system.

The incident clearly demonstrates the risks of integrating AI assistants with financial services. When a chatbot gets the right to manage real funds, any manipulation of its logic automatically turns into a potential threat to assets.