Bankr Halts Transactions After Attacker Drains 14 Wallets

Bankr, an AI-powered crypto assistant, disabled swaps, transfers and token deployments on Tuesday after identifying an attacker who accessed at least 14 wallets and drained as much as $150,000 from some accounts. The company posted on X that it temporarily locked transaction functions while it investigates and that it will reimburse confirmed losses.

Bankr’s platform lets users give plain-language commands to an AI to trade, transfer and launch tokens. The service automatically creates an on-chain wallet for each X handle that interacts with its bot. That automatic-wallet feature has been linked to prior incidents in which automated agents were manipulated to request token launches and route funds to attacker-controlled addresses.

Yu Xian, founder of security firm SlowMist, described the breach as a social engineering attack aimed at the trust layer between automated agents. He wrote that the exploit involved an interaction between Grok and Bankrbot that enabled unauthorized transaction signing and resembled earlier prompt-injection style abuses targeting wallet-related assets.

Blockchain analysis tied three attacker addresses to the incident and showed they collectively hold about $440,000 in crypto. Tech entrepreneur Austen Allred reported that a Bankr wallet connected to his Kelly Claude AI assistant was among those compromised; he said Ether was taken while the project’s memecoin holdings were not affected. Allred added there is no evidence anyone else logged into the account, indicating the attacker obtained keys by other means.

Bankr advised users not to sign transactions until further notice. The company warned at least one user that their seed phrase “is likely in the hands of an attacker” and recommended that anyone with a compromised wallet stop using the address, create a new wallet and seed phrase on a clean device, move remaining tokens or NFTs to the new address, and revoke approvals for assets that cannot be moved. Bankr also urged users to scan devices for malware and suspicious browser extensions.

Crypto theft has increased in recent months. Security trackers show more than $168 million stolen in the first quarter of the year, and April included several large exploits that drained funds in the low hundreds of millions. Other bridges and protocols have reported losses in recent weeks.

Bankr said it is investigating the full scope of the compromise, will reimburse users for confirmed losses and will provide additional updates as the probe continues.