
Despite Elon Musk praising Grok’s intelligence, the Grok AI chatbot developed by his company was easily duped by a hacker and handed over funds. In early May 2025, a rare attack targeted Grok’s AI system, drawing attention from tech and crypto circles as the attacker used Morse code and a free NFT to steal about 174,000 USD.

Grok maintained a publicly accessible wallet on Base, which could be monitored via Basescan. Initially, the wallet had limited permissions and could not freely move tokens. Earlier in May 2025, the attacker gifted Grok a Bankr Club Membership NFT. This seemingly harmless gift unlocked full trading capabilities for the Bankrbot inside Grok’s AI agent, including the ability to sign and execute automated trades.

Subsequently, the attacker sent Grok a Morse code message on X. The exact content of the message was deleted after the incident, but analyses suggest the hacker used Morse code to obfuscate commands and bypass content filters. Grok decoded the Morse into English, and Bankrbot treated the decoded output as a valid trading instruction. After processing the request, Bankrbot signed the transaction and transferred 3 billion DRB tokens to the attacker’s wallet on Base. At the time, the tokens were worth roughly 174,000 to 200,000 USD depending on market movements. Minutes after the transfer, the attacker’s X account disappeared, while the tokens were quickly moved to another wallet and sold.

Analyses indicate the most dangerous aspect was not the Morse code itself but the permission boundary between the AI and the underlying financial system. Grok performed translation tasks, but Bankrbot granted the AI’s output excessive permissions without verifying the transaction’s legitimacy. Experts note at least four protective layers that could have prevented the incident: rechecking wallet rights, classifying content after decoding, filtering decoded strings that resemble trading commands, and restricting recipient addresses.
However, these protections are policy- and deployment-level controls and are not built into the model. Following the incident, Bankr stated that about 80% of the funds were recovered through post-trade negotiation, with the remainder discussed as an informal bug bounty with the DRB community.

The case raises broader questions about the trend of integrating AI agents with crypto wallets, trading APIs, and automated financial systems. In recent years, more firms have tested AI agents that can autonomously execute trades, place orders, or manage assets. Grok’s incident demonstrates that a small permission gap can turn a chatbot into a tool for automatic money transfers.
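
The four protective layers listed above, as an added Python example that is not code from the article, Bankr or xAI: a gate placed between the model's output and the transaction signer. The allowlist, the verb list standing in for a classifier, the `signing_granted_by_operator` flag and every address are assumptions constructed for illustration.

```python
import re

# Constructed policy values for illustration; none come from the incident.
ALLOWED_RECIPIENTS = {"0x" + "a" * 40}  # operator-approved payout addresses

_CODES = (".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- .--. --.- "
          ".-. ... - ..- ...- .-- -..- -.-- --.. ----- .---- ..--- ...-- ....- "
          "..... -.... --... ---.. ----.").split()
MORSE = dict(zip(_CODES, "abcdefghijklmnopqrstuvwxyz0123456789"))
ENCODE = {char: code for code, char in MORSE.items()}

COMMAND_RE = re.compile(r"\b(send|transfer|swap|sell|buy|withdraw|bridge)\b", re.I)
ADDRESS_RE = re.compile(r"0x[0-9a-f]{40}", re.I)

def encode_morse(text):
    """Build constructed test input: letters split by spaces, words by ' / '."""
    return " / ".join(" ".join(ENCODE[c] for c in word) for word in text.lower().split())

def decode_morse(text):
    """Return the decoded text, or None when the input is not Morse."""
    if not text.strip() or not re.fullmatch(r"[.\-/\s]+", text):
        return None
    words = (word.split() for word in text.split("/"))
    return " ".join("".join(MORSE.get(sym, "?") for sym in word) for word in words)

def looks_like_trade(text):
    """Classifier stand-in (assumption): a trading verb counts as transaction intent."""
    return bool(COMMAND_RE.search(text))

def gate(message, signing_granted_by_operator=False):
    """Decide what the signer may do with a message the model has processed."""
    decoded = decode_morse(message)
    # Layers 2 and 3: classify the decoded form, and treat decoded content as
    # data only. A decoded string that resembles a trade never reaches the signer.
    if decoded is not None:
        return "blocked: decoded content resembles a trade" if looks_like_trade(decoded) else "no_action"
    if not looks_like_trade(message):
        return "no_action"
    # Layer 1: signing rights come from operator configuration, re-checked per
    # request, not from assets (such as an NFT) that anyone can send to the wallet.
    if not signing_granted_by_operator:
        return "blocked: signing rights not granted by operator"
    # Layer 4: every recipient named in the request must be on the allowlist.
    recipients = [addr.lower() for addr in ADDRESS_RE.findall(message)]
    if not recipients or any(addr not in ALLOWED_RECIPIENTS for addr in recipients):
        return "blocked: recipient not allowlisted"
    return "sign"
```

Each layer fails closed on its own, so a decoded command is refused even when signing rights are enabled and the recipient check has not yet run.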