كيف استخدم أحد المتداولين شفرة مورس لخداع Grok لإرسال مليارات العملات المشفرة من محفظته التي تم التحقق منها
Burns Brief
كان وضع علامة @grok في منشور X بالإضافة إلى بعض النقاط والشرطات هو كل ما كان مطلوبًا الليلة الماضية حتى يتمكن ممثل سيء من سرقة محفظة عملات مشفرة تم التحقق منها دون لمس المفاتيح الخاصة على الإطلاق. يقوم المشاركون في السوق بتقييم الآثار المترتبة على ذلك بعناية، ومن المرجح أن تعتمد النتيجة على الظروف الكلية الأوسع والحجم. راقب تأكيد حجم التداول - الاختراق فوق متوسط الحجم سيشير إلى أن الاتجاه من المرجح أن يستمر.
Tagging @grok in an X post plus a few dots and dashes was all that was needed last night for a bad actor to pickpocket a verified crypto wallet without ever touching the private keys. Agentic token launchpad, Bankrbot reported on May 4 that it had sent 3 billion DRB on Base to the recipient 0xe8e47...a686b. The funds came from a wallet assigned to X's AI, Grok, and were sent to an unauthorized wallet owned by a bad actor. This Base transaction shows the on-chain transfer path behind the post. CryptoSlate's review of X posts around the incident points to a reported command path that began with Morse-code obfuscation. Grok decoded the text into a clean public instruction tagging @bankrbot and asking it to send the tokens, while Bankrbot handled the command as executable. The exposed layer was the handoff from language to authority. A model that decodes a puzzle, writes a helpful reply, or reformats a user's text can become part of a payment rail when another agent treats that output as valid. For crypto investors, this transfer should turn AI-agent risk from an abstract security debate into a wallet-control problem. A public command can become spend authority when one system treats model output as an instruction and another system has permission to move tokens. Wallet permissions, parser, social trigger, and execution policy become layers of attack vectors. Related Reading The crypto winners from AI are not AI coins as agents start spending autonomously The rise of AI agents is creating a simple question with huge implications for crypto: how does software pay? Mar 28, 2026 · Andjela Radmilac Posts and transaction context reviewed by CryptoSlate put the DRB transfer at roughly $155,000 to $200,000 at the time, with DebtReliefBot price data providing market context for the token. Reports reviewed by CryptoSlate also say most funds are being returned, and some DRB is reportedly retained as an informal bug bounty. That outcome reduced the loss, but it also showed how muc
Key Takeaways
- Tagging @grok in an X post plus a few dots and dashes was all that was needed last night for a bad actor to pickpocket a verified crypto wallet without ever touching the private keys
- Agentic token launchpad, Bankrbot reported on May 4 that it had sent 3 billion DRB on Base to the recipient 0xe8e47
- The funds came from a wallet assigned to X's AI, Grok, and were sent to an unauthorized wallet owned by a bad actor
- This Base transaction shows the on-chain transfer path behind the post
- CryptoSlate's review of X posts around the incident points to a reported command path that began with Morse-code obfuscation