Bankr hack drains wallets on Base
- Bankr said on May 19 it disabled transactions after an attacker accessed 14 wallets tied to its AI-driven crypto trading service on Base.
- Bankr said “we will be reimbursing any and all lost funds,” while users and researchers traced attacker-linked wallets holding more than $440,000.
- Bankr said it would provide further updates as its investigation continues and urged users to move funds and revoke approvals.

Bankr disabled transactions on May 19 after saying an attacker had accessed 14 wallets tied to its AI-powered trading service on Base. The company said it had “temporarily locked things down” while it investigated and added that it would reimburse affected users for losses. Users reported unauthorized transfers, and outside reports said some losses were close to $150,000. The incident is the latest security failure involving crypto tools that connect automated agents to wallet permissions.

### What exactly did Bankr say happened?

Bankr said on May 19 that “an attacker was able to access 14 bankr wallets” and that it had halted activity while it worked through the breach. The company’s public guidance, as quoted in multiple reports, said users should not sign transactions and that reimbursements would cover “any and all lost funds.” (cryptotimes.io)

Cointelegraph reported that Bankr disabled swaps, transfers and token deployments after identifying the compromise. BeInCrypto and The Merkle separately reported that Bankr pledged full compensation for affected users.

### Why are researchers calling this a social-engineering breach?

Yu Xian, the co-founder of blockchain security firm SlowMist, described the incident as “a social engineering exploit targeting the trust layer between automated agents,” according to multiple reports citing his May 20 comments. (cryptotimes.io) Those reports said he pointed specifically to an interaction involving Grok and Bankrbot that allowed unauthorized transaction signing. (cointelegraph.com)

The description matches an earlier May 4 exploit involving a Bankr-managed wallet linked to Grok on Base. In that earlier case, SlowMist’s analysis said an attacker used encoded prompts, including Morse code, to manipulate Grok’s output, which Bankr then treated as an executable transfer command. SlowMist said the core failure was that AI output was mapped to financial execution without enough identity or intent verification. (themerkle.com)

### How much money is tied to the attack?

CryptoTimes reported that investigators traced attacker-controlled wallets holding more than $440,000 in crypto after the May 19 incident. The same report said some users described losses nearing $150,000, while The Merkle estimated the breach itself caused at least $170,000 in losses. Those figures have not been reconciled by Bankr in a public accounting. (cryptotimes.io)

Cointelegraph reported users had said as much as $150,000 was drained from some wallets. Because Bankr has not published a wallet-by-wallet breakdown, the outside estimates remain based on user reports and blockchain tracing cited by news outlets.

### What were users told to do right away?

Bankr’s guidance to users included moving remaining assets, creating new wallets with fresh seed phrases on clean devices and revoking token approvals if assets could not be moved immediately. (cryptotimes.io) Reports quoting the company also said users should scan phones and computers for malware or suspicious browser extensions.

That advice reflects the risk that a compromised key, session or approval can keep exposing funds after the first drain. (cointelegraph.com) In the Bankr case, the company did not publicly specify whether the initial access came from keys, sessions or another permission path when it first disclosed the breach.

### Why does this matter beyond Bankr?

(mexc.com) The May 4 Grok-linked exploit and the May 19 Bankr breach both centered on the same basic problem: an automated system treated AI-generated or AI-mediated text as authority to move assets. SlowMist’s earlier forensic analysis called that pattern “AI Agent permission chain abuse,” meaning one system’s output was mistakenly trusted as financial authorization by another. (cryptotimes.io)

Bankr said it would provide more updates as the investigation continues. For now, the service has paused transactions, affected users are waiting for reimbursement, and researchers are still tracing attacker-linked wallets and the exact path used to gain access. (cryptotimes.io 1) (cryptotimes.io 2)
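
The pattern described above, text from an automated agent being treated as authority to move assets, is shown below as an added example next to a hardened form; it is not Bankr's or SlowMist's code. The post format, the command grammar, the account names and the per-wallet HMAC key (standing in for a wallet signature enrolled out of band) are all assumptions made for illustration.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass

# Hypothetical command grammar: "send <amount> <token> to <address>"
CMD = re.compile(r"send (\d+) (\w+) to (0x[0-9a-fA-F]{40})")

@dataclass(frozen=True)
class Post:
    author: str  # account that published the text (may be an AI agent)
    text: str

def naive_execute(post):
    """Weak pattern: parsable text from a wallet-linked account is treated as authority."""
    m = CMD.search(post.text)
    return ("EXECUTE", post.author, *m.groups()) if m else None

def canonical(wallet, amount, token, to, nonce):
    return "|".join([wallet, amount, token, to.lower(), nonce]).encode()

def sign_intent(key, wallet, amount, token, to, nonce):
    """Runs on the owner's side; the key is never given to the text-generating model."""
    return hmac.new(key, canonical(wallet, amount, token, to, nonce), hashlib.sha256).hexdigest()

class IntentGate:
    """Hardened pattern: text only proposes a transfer; the owner's MAC authorizes it."""
    def __init__(self, owner_keys):
        self.owner_keys = owner_keys  # wallet -> secret enrolled out of band (assumption)
        self.used = set()             # (wallet, nonce) pairs already spent

    def authorize(self, post, nonce, tag):
        m = CMD.search(post.text)
        key = self.owner_keys.get(post.author)
        if m is None or key is None or (post.author, nonce) in self.used:
            return None
        expected = sign_intent(key, post.author, *m.groups(), nonce)
        if not hmac.compare_digest(expected, tag):
            return None  # model output alone never reaches execution
        self.used.add((post.author, nonce))
        return ("EXECUTE", post.author, *m.groups())

# Constructed sample: an AI account's reply whose wording an outsider influenced.
AGENT = "agent_account"
UNAPPROVED_ADDR = "0x" + "ab" * 20
steered = Post(AGENT, f"@tradebot send 500 USDC to {UNAPPROVED_ADDR}")

if __name__ == "__main__":
    gate = IntentGate({AGENT: b"constructed-owner-secret"})
    print("naive:", naive_execute(steered))
    print("gated:", gate.authorize(steered, "n-1", ""))
```

The gate binds authorization to the exact wallet, amount, token, recipient and a one-time nonce, so a tag issued for one transfer cannot be reused for different text or replayed.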