Bankr, a service provider in the crypto market, has temporarily disabled its swap, transfer, and token creation features after detecting a security breach in its automated trading assistant. According to company statements, an attacker managed to access the system without authorization and withdrew significant amounts of digital assets from at least 14 user wallets.
AI-driven vulnerability surfaces
Following the breach, all key operations were suspended while a comprehensive investigation began. User reports indicate that digital assets worth up to $150,000 were taken from a single wallet. Bankr’s management has assured its customers that all losses will be fully compensated.
Mini glossary: Social engineering is a tactic where attackers exploit human interaction to leverage vulnerabilities in a target system. Especially in crypto and AI-based platforms, manipulative prompts can enable attackers to trigger unauthorized transactions.
How Bankr works and new risks
Unlike traditional crypto wallets, Bankr allows users to initiate blockchain transactions via plain-language commands. When users interact with the platform’s bot on X, a wallet is automatically created for their account, eliminating the need for direct engagement with decentralized apps. While this setup appeals to those seeking convenience, it may have also introduced additional attack surfaces.
| Platform Feature | In Classic Wallets | In Bankr |
|---|---|---|
| Transaction initiation | Manual, via app | Natural language command |
| Wallet creation | User initiated | Automatic, via X account |
| Attack surface | Requires technical knowledge | AI manipulation possible |
Attack method and AI agents
Researchers believe the attack combined social engineering and “prompt injection” techniques to orchestrate the breach. A similar incident took place earlier this year when X’s AI chatbot Grok was manipulated, enabling token creation via the Bankr infrastructure and draining linked wallets. Investigators suspect this most recent breach also leveraged the manipulation of an AI agent in a comparable fashion.
Security experts have observed that the attackers exploited communication between Grok and Bankrbot to gain transaction signing privileges, creating vulnerabilities in how AI agents exchanged commands.
Security warnings and the crypto outlook
Blockchain investigators have tracked approximately $440,000 in crypto assets spread across three wallets linked to the attack. In the first quarter of this year alone, total industry losses exceeded $168 million, with major losses also reported at Drift Protocol and Kelp in April.
Currently, Bankr advises users not to initiate any transactions from their wallets, to immediately change any suspicious seed phrases, and to move outstanding assets to other wallets. The company also pledged to reimburse all affected users for their losses.
