Bankr, an AI-driven crypto trading assistant that allows users to execute trades and launch tokens through plain-language commands, has temporarily disabled all transaction activity after a security breach compromised at least 14 wallets. The company confirmed the attack in a post on X, stating that an attacker gained access to multiple wallets and that transactions—including swaps, transfers, and deployments—were suspended as a precautionary measure while the investigation continues.

Some affected users reported losses of as much as $150,000 in cryptocurrency from their accounts. Bankr has pledged to reimburse all lost funds and advised users not to sign any transactions until further notice. The company also warned that seed phrases of compromised wallets may be in the hands of attackers and recommended that affected users create a new wallet on a clean device, generate a fresh seed phrase, and revoke any outstanding token approvals.

Social Engineering Exploit Targeting AI Agents

According to Yu Xian, founder of blockchain security firm SlowMist, the exploit was likely a social engineering scheme targeting the AI agent rather than a direct breach of the underlying wallet infrastructure. Xian noted that three identified attacker addresses collectively hold $440,000 in crypto, suggesting the perpetrators consolidated stolen funds. He described the attack as a social engineering exploit that targeted the trust layer between automated agents—specifically an interaction between Grok (an AI model) and Bankr’s bot that allowed unauthorized transaction signing.

Xian added that this incident appears similar to an earlier exploit earlier this month, where wallet-related assets allocated by Bankr’s bot to Grok were stolen through a combination of social engineering and prompt injection exploitation. Prompt injection is a technique where an attacker manipulates an AI model’s instructions to execute unintended actions. In this case, it seems the attacker tricked the Bankr bot into signing transactions that drained funds from linked wallets.

Structural Weaknesses in Third-Party Custody

Security experts have pointed to several possible vectors for the attack. Gabi Urrutia, field chief information security officer at Halborn, noted that until Bankr releases a full post-mortem, the true cause remains unclear. However, he highlighted three plausible scenarios: first, a repeat of the earlier prompt injection technique; second, a problem at the custodial wallet layer that Bankr depends on for wallet provisioning; or third, a compromise of session tokens or approvals scoped across many users.

Urrutia emphasized that the pattern of the attack—14 wallets drained via direct transfer calls, swapped to ETH, then bridged—suggests a structural issue rather than 14 separate phishing victims. David Schwed, former chief information security officer at Robinhood and current COO at SVRN, added that such incidents often originate in the 'glue code' between trusted infrastructure and untrusted input. He explained that vulnerabilities can range from cryptographic flaws like the GG20 threshold signature scheme (which recently affected THORChain) to seed phrase exfiltration via malware or phishing to compromise of the programmatic signing infrastructure itself.

Background on Bankr and AI-Powered Wallets

Bankr is part of a growing wave of AI-powered financial tools that aim to simplify cryptocurrency management. The platform automatically creates a crypto wallet for every X handle that interacts with its bot, allowing users to trade, transfer, and launch tokens using natural language instead of a traditional wallet interface. While such convenience can lower barriers to entry for non-technical users, it also introduces new attack surfaces. The reliance on AI agents and third-party custodial services means that the security of user funds depends on multiple layers of trust and code integrity.

The crypto industry has seen a surge in hacks and exploits over recent months. According to reports, bad actors stole more than $168.6 million in the first quarter of the year. April alone witnessed the two largest hacks of 2026 so far: a $280 million exploit on Drift Protocol and a $292 million exploit on Kelp. Most recently, Verus Protocol’s Ethereum bridge was exploited just days before the Bankr incident. These events underscore the persistent vulnerabilities in decentralized finance (DeFi) and smart contract platforms, particularly when AI and automation are involved.

Impact on Users and Broader Implications

Tech entrepreneur Austen Allred, whose Bankr wallet was connected to his Kelly Claude AI assistant project, confirmed that his wallet was among the compromised accounts. The hacker stole Ether (ETH) from his wallet but did not touch the project’s memecoin stash. Allred noted that there was no evidence anyone else had logged into the Bankr account, suggesting the keys were accessed through another method, likely via the compromised AI agent interaction.

Bankr has urged all users to stop using compromised wallets, create new wallets on clean devices, move any remaining tokens or non-fungible tokens (NFTs) to the new address, and revoke approvals if assets cannot be moved. The company also warned that attackers often exploit existing approvals to drain funds and advised users to scan their devices for malware or suspicious browser extensions.

The incident raises important questions about the security of AI-powered financial tools and the responsibilities of companies that offer such services. As the line between human and machine decision-making blurs, robust security measures must be built into the core architecture of these platforms. The Bankr hack also highlights the risks of prompt injection attacks, which are still relatively new but have already caused significant losses. The industry will be watching closely for Bankr's post-mortem to understand exactly how the attackers managed to bypass security controls and what steps will be taken to prevent similar incidents in the future.

In the meantime, the broader crypto community remains vigilant. Security firms and blockchain analysts continue to track the stolen funds, and law enforcement may become involved if the perpetrators can be identified. For now, Bankr’s promise of reimbursement offers some reassurance to victims, but the reputational damage and loss of trust may have longer-term consequences for the platform and the wider adoption of AI in crypto.

Source: Cointelegraph News