▲ XRP, NFT, Cryptocurrency Fraud/AI Generated Image
Allegations that a single free NFT shook the authorization structure of an AI-connected wallet and led to asset movements worth $174,000 have brought a new security risk to the surface in the cryptocurrency industry.
Cointelegraph reported on May 13 (local time) on the Bankr wallet incident connected to Grok, stating that when AI agents, automated wallets, and NFTs are combined, new kinds of attack surface, distinct from traditional hacking, can emerge. According to public discussions, the attacker is said to have sent a free Bankr Club membership NFT to the wallet and simultaneously posted hidden instructions targeting Grok.
The incident was described as an attack on the trust relationship between an AI model and an automated wallet system, rather than private key theft, a smart contract bug, or traditional malware. Security observers noted that the attack instructions were hidden using Morse code or other obfuscation methods, which made them difficult for ordinary users to recognize while the AI system was still able to interpret the content. Subsequently, the AI model reflected the hidden command, and the wallet's automation layer processed it as a legitimate command, leading to approximately 3 billion DRB being transferred to the attacker's address.
The scale of the transfer was estimated to be between $155,000 and $174,000 based on prices at the time. Cointelegraph pointed out that although some funds were later returned, the core issue is not the size of the loss but the structural risk of AI output being accepted as actual financial instructions. The free NFT was also reportedly not just a simple collectible but played a role in activating or restoring specific permissions and functions within the Bankr environment.
This incident was classified as a case of prompt injection. Prompt injection is a method in which manipulated input steers an AI model's response in an unexpected direction. Cointelegraph explained that while an AI reading and summarizing external posts carries relatively low risk in itself, the danger rises sharply when that same output carries the authority to execute cryptocurrency transfers.
The core failure point identified by security experts was not the AI's interpretation ability, but rather authorization management. An AI reading public online content is a completely different issue from it approving irreversible cryptocurrency transactions. Because cryptocurrency transactions are executed quickly and are difficult to reverse once confirmed, even small manipulations can lead to actual losses as AI agents become more deeply connected to wallet, DeFi, and automated trading functions.
Cointelegraph emphasized that developers should clearly separate AI analysis from fund movement functions and attach additional verification procedures and human review for large-scale transfers. It also pointed out that authorization management mechanisms such as transaction limits, whitelisted addresses, and time delays are essential. As smart wallets and AI-assisted tools become more widespread, users must also understand that protecting only recovery phrases is insufficient; they need to review connected apps, granted permissions, and automated behaviors as well.
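The controls listed above can be combined into a single authorization gate that treats AI output as an untrusted proposal rather than a command. The following is an added illustration, not code from Bankr, Grok or Cointelegraph; the class names, addresses, limits and the rule that every AI-originated request needs human approval are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TransferRequest:
    to_address: str
    amount_usd: float
    source: str                       # "human" or "ai_agent": who produced the instruction
    human_approved: bool = False      # set only by an out-of-band review step
    queued_at: Optional[float] = None # epoch seconds when the request entered the delay queue

@dataclass(frozen=True)
class TransferPolicy:
    allowlist: frozenset
    per_tx_limit_usd: float
    review_threshold_usd: float
    delay_seconds: float

    def evaluate(self, req: TransferRequest, now: float):
        """Return (decision, reason); only 'execute' may reach the signing layer."""
        if req.to_address not in self.allowlist:
            return "deny", "destination not on allowlist"
        if req.amount_usd <= 0 or req.amount_usd > self.per_tx_limit_usd:
            return "deny", "amount outside per-transaction limit"
        # Assumption: model output never moves funds without a human in the loop.
        needs_human = (req.source == "ai_agent"
                       or req.amount_usd >= self.review_threshold_usd)
        if needs_human and not req.human_approved:
            return "needs_review", "human approval required"
        if req.queued_at is None or now - req.queued_at < self.delay_seconds:
            return "queued", "time delay not yet elapsed"
        return "execute", "all checks passed"

# Constructed sample policy and addresses (placeholders, not real wallets).
POLICY = TransferPolicy(frozenset({"0xTREASURY_EXAMPLE"}), 5_000.0, 1_000.0, 3600.0)

def demo(now: float = 10_000.0):
    requests = [
        # Shape of the reported incident: AI-relayed transfer to an unknown address.
        TransferRequest("0xUNKNOWN_EXAMPLE", 174_000.0, "ai_agent"),
        # AI proposal to a known address: still held for a human.
        TransferRequest("0xTREASURY_EXAMPLE", 200.0, "ai_agent"),
        # Approved, but the cooling-off window is still open.
        TransferRequest("0xTREASURY_EXAMPLE", 200.0, "ai_agent", True, 9_000.0),
        # Approved and the delay has elapsed.
        TransferRequest("0xTREASURY_EXAMPLE", 200.0, "ai_agent", True, 6_000.0),
    ]
    return [POLICY.evaluate(r, now)[0] for r in requests]

if __name__ == "__main__":
    print(demo())
```

The gate sits between the model and the signer, so an instruction hidden in a post can at most create a pending request that a reviewer sees before any funds move.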
*Disclaimer: This article is for investment reference purposes, and we are not responsible for any investment losses based on it. The content should be interpreted for informational purposes only.*