
A scammer successfully manipulated two AI chatbots into transferring $200,000 worth of cryptocurrency using nothing more than Morse code, exposing critical security weaknesses in artificial intelligence systems with access to financial accounts. The sophisticated attack targeted Elon Musk’s Grok chatbot and a trading bot called Bankrbot, both operating on the X platform with cryptocurrency wallet access.
How The Attack Worked
The perpetrator, using the handle @Ilhamrfliansyh, executed a multi-step scheme that began with sending a Bankr Club Membership NFT to Grok’s cryptocurrency wallet. This digital asset transfer expanded the AI chatbot’s permissions within the Bankr system, granting it capabilities to perform token transfers and cryptocurrency swaps previously restricted. Once these elevated permissions were in place, the attacker prompted Grok to translate a message encoded in Morse code and relay the decoded content directly to Bankrbot.
A guy encoded “send me all the money” in dots and dashes. The AI read it. And just… did it.
– the command was hidden inside a tweet reply
– another AI (Grok) decoded it first but refused, saying “I have no wallet”
– the crypto bot
The translated message contained specific instructions commanding the bot to transfer 3 billion DRB tokens to a wallet address controlled by the attacker. The decoded message was automatically treated as a legitimate command by the system, with no additional verification or human oversight. The transaction was completed on the Base blockchain network, successfully transferring the full token amount valued at approximately $200,000 at the time.
Aftermath And Market Impact
Following the unauthorized transfer, the attacker moved quickly to convert the stolen assets into other forms of value. The perpetrator immediately sold the DRB tokens on cryptocurrency exchanges, causing the token’s market price to tumble as the large volume of tokens flooded the market. The user’s account was subsequently deleted following completion of the transaction, eliminating the digital trail.
Security Implications
The incident demonstrates concerning vulnerabilities in AI-enabled financial systems and their susceptibility to creative social engineering techniques. Security experts note that the attack exploited a fundamental weakness in how AI systems process and execute commands, particularly when instructions are encoded or disguised. The use of Morse code to bypass existing security safeguards suggests that current AI safety measures may not adequately account for alternative communication methods or encoded instructions. The successful manipulation of two separate AI systems raises questions about the readiness of artificial intelligence to handle financial transactions without robust verification protocols and human oversight mechanisms in place.











