AI-powered crypto trading tools have come under new scrutiny after Bankr confirmed that an attacker was able to access 14 user wallets and drained funds through unauthorized transactions. The platform said it temporarily locked things down while investigating and promised to reimburse any and all lost funds.
White the official post did not mention specific drained amounts, some users reported losses of nearly $150,000. Additionally, blockchain investigators traced attacker-controlled wallets holding more than $440,000 in crypto assets.
Bankr disclosed the incident on Tuesday via its X account after users began reporting missing funds and unauthorized transfers. The company said an attacker had gained access to 14 wallets and that it temporarily froze transactions while the breach was investigated.
The incident adds to growing concerns about the security of AI-driven crypto tools and automated wallet systems, which are increasingly being used across the digital asset market.
Social engineering attack raises security questions
Security researcher Yu Xian, founder of SlowMist, said the Bankr exploit appears to have been triggered by a social engineering attack targeting interactions between automated AI agents. He suggested that attackers may have manipulated communication between Grok and Bankrbot to push unauthorized transactions through.
In a post on X, Yu Xian described it as “a social engineering exploit targeting the trust layer between automated agents.” He added that prompt injection techniques were likely used against both systems. Researchers also identified three main wallets believed to be controlled by the attackers.
The attack mirrors a separate incident earlier this month involving a wallet linked to Grok on the Base network. In that case, malicious prompts embedded in social interactions reportedly tricked automated systems into executing token transfers without proper approval. Security researchers now warn that AI-generated or AI-processed text can accidentally trigger financial actions when systems lack strict authorization safeguards.
The Bankr setup is drawing particular attention because of how it works. The platform lets users trade, transfer, and launch tokens through simple natural-language prompts inside social feeds. It also automatically creates crypto wallets for users on X who interact with its bot.
AI finance tools face growing pressure
The update by Bankr of drained wallets also sparked widespread reactions on X, where affected users said they suddenly lost access to their funds during the exploit. One user said their entire wallet balance was wiped out. Bankr told users to stop using any wallets that may have been compromised, move remaining funds, and revoke token approvals using external security tools.
The breach adds to a growing list of major crypto security incidents in 2026. Attacks involving THORChain, the Verus-Ethereum Bridge, and Kelp DAO have already pushed total losses in the sector to more than $328 million this year.
Taken together, the incidents are putting more pressure on developers to tighten security and improve authorization systems in trading platforms that rely on automated processes, as attackers continue to target weaknesses in digital asset infrastructure.
Also Read: GitHub Investigates Internal Repo Breach Tied to Poisoned VS Code Task