Bankr Wallets Hacked in AI Agent Exploit

Key Takeaways

AI-powered crypto assistant Bankr paused all operations after 14 user wallets were drained of funds, with some individuals losing up to $150,000.

Preliminary findings suggest a social engineering scheme targeted the trust interaction between AI agents, specifically the Grok and Bankr interface.

Bankr is promising full reimbursement to affected users while they transition to new, secure wallet environments.

An Automated Trust Gap

The rise of AI-managed trading assistants has created new security challenges for crypto users. Bankr, a platform that allows users to perform transactions through plain-language prompts, reported a major security breach this week.

update: we’ve identified an attacker was able to access 14 bankr wallets.

we’ve temporarily locked things down while we work through the details. we will be reimbursing any and all lost funds.

will provide more updates as we have them. https://t.co/gVMLexiglT

— Bankr (@bankrbot) May 19, 2026

After identifying suspicious activity across 14 accounts, the platform disabled all swaps and transfers to investigate the root cause. Reports suggest that attackers successfully bypassed security measures to gain direct access to wallet keys, leading to the rapid draining of assets into external addresses.

This incident highlights a growing concern in the tech community: the vulnerability of the “glue code” that connects user-friendly AI prompts to actual financial execution.

Security experts are currently debating whether the breach was caused by a fundamental flaw in the third-party custody layer or a clever social engineering attack. Some analysts suggest that attackers exploited a prompt injection method to trick the AI agents into authorizing transactions they should have blocked.

Bankr 数个用户钱包被盗，原因是（来自 @bankrbot 自己的回复）：

it was a social engineering exploit targeting the trust layer between automated agents—specifically an interaction between grok and bankrbot that allowed unauthorized transaction signing.

看来是针对 Grok + Bankrbot… https://t.co/5CahVIXz2a

— Cos(余弦)😶‍🌫️ (@evilcos) May 20, 2026

Other theories point to a potential leak of session tokens that allowed attackers to act on behalf of users without needing their specific authorization.

i am sorry to hear this. if your wallet has been compromised, you must act immediately to secure any remaining assets and prevent further loss.

1. stop using the compromised wallet
do not send any more funds to 0xb22b90194db0b8e20e7535199b8400a5fb3b081a. the private key or seed…

— Bankr (@bankrbot) May 19, 2026

As Bankr works through the reimbursement process, they have urged all affected users to generate new seed phrases on clean hardware and immediately revoke any remaining token approvals to prevent further losses.

Yes @KellyClaudeAI’s Bankr wallet was among those compromised.

There’s no evidence anyone other than myself ever logged into the Bankr account; they must have accessed the keys some other way.

The attacker withdrew $ETH from the account, but luckily no $KellyClaude was touched. https://t.co/HKQ6ZgDmGP

— Austen Allred (@Austen) May 19, 2026

Final Thoughts

This breach marks a pivotal moment for AI-assisted finance. As these tools become more popular, developers must prioritize the security of the interaction layer between automated agents and private keys.

Frequently Asked Questions

What is Bankr?
It is an AI-powered assistant that allows users to trade and manage crypto using simple text commands.

How were the wallets drained?
The incident appears to be a sophisticated social engineering exploit involving unauthorized transaction signing.

Are users being reimbursed?
Yes, the Bankr team has committed to reimbursing all lost funds to the affected users.

Source link