Bankr, an AI-powered trading assistant that executes crypto actions via natural language prompts, said it temporarily halted transactions after detecting an attacker who gained access to at least 14 Bankr wallets. Some users reported losses reaching as high as $150,000 per compromised wallet, according to posts from the Bankr team on X. The company indicated it is investigating the intrusions and would reimburse all affected users, though no final timeline for compensation was provided.
The incident highlights the ongoing risks inherent in automated, AI-assisted crypto tools that generate wallets and execute trades on behalf of users. Bankr stated that it “temporarily locked things down” to preserve assets while it reviews the scope of the breach, and cautioned users to avoid signing transactions until further notice. The company also warned that a seed phrase exposure could be involved in at least one case, suggesting that the compromise may extend beyond a single attack vector.
Key takeaways
- Attack surface: Bankr reports unauthorized access to 14 wallets; swaps, transfers, and deployments were halted for the duration of the investigation.
- Financial impact: Early user reports indicate losses potentially reaching $150,000 per compromised wallet, with some accounts affected across different user projects.
- Security guidance: Bankr advised users to refrain from signing transactions, halt usage of compromised wallets, create new wallets on clean devices, generate new seed phrases, move remaining assets, and revoke approvals where possible.
- Likely attack vector: Security researchers cited a social engineering scheme targeting the trust layer between automated agents—specifically a dialogue between Grok and Bankrbot—that enabled unauthorized transaction signing.
- Broader risk context: The incident comes amid a string of high-profile exploits in 2024, underscoring ongoing threats to bridges, wallets, and AI-assisted trading tools.
Unfolding narrative: how the breach appears to have occurred
Bankr’s public updates describe a scenario where an attacker exploited the interaction between automated agents in its ecosystem, enabling the signing of transactions without user consent. SlowMist founder Yu Xian attributed the breach to a social engineering chain involving both Grok, an AI assistant, and Bankrbot, the Bankr companion bot. In his assessment, the attacker leveraged a trust gap between the two bots to push through unauthorized actions, a pattern he described as a prompt-injection vulnerability tied to the agents’ collaboration.
Three attacker addresses were identified by researchers, collectively holding about $440,000 in various cryptocurrencies. Yu Xian noted this incident as part of a broader class of social-engineering exploits that target the “trust layer” between automated agents, allowing attackers to co-opt signing capabilities that normally require user consent. This mirrors earlier concerns about prompt-injection-style exploits in AI-enabled crypto tools, where attackers manipulate prompts and flows to bypass standard security checks.
Some observers linked the vulnerability to prior incidents involving Bankr’s ecosystem, including an episode where a Grok-Bankrbot integration was leveraged to move assets allocated to Bankr through a token-launch prompt, ultimately draining funds to an attacker-controlled wallet. The current breach, however, appears more focused on unauthorized signing rather than a single token deployment, suggesting a broader weakness in the trust chain among connected AI agents rather than a one-off misconfiguration.
Security guidance from Bankr: steps for users to take now
As a precaution, Bankr urged users not to sign transactions until it provides a further update. It also suggested that anyone with a compromised wallet should stop using that wallet, create a new one, generate a fresh seed phrase on a clean device, and transfer any remaining tokens or nonfungible tokens to the new address. Users should also revoke approvals for assets that cannot be moved, to minimize the risk of drained funds.
Bankr underscored the likelihood that attackers exploited existing approvals to siphon funds and called on users to check devices for malware and suspicious browser extensions. For those who used software wallets, Bankr warned that the leak could originate from the user’s device rather than the service itself, reinforcing the message that securing the endpoint remains critical in AI-assisted crypto workflows.
The company’s public updates also included an explicit reassurance: it plans to reimburse all lost funds. Yet the exact mechanism and timing of repayments remain to be clarified as investigations proceed. In the meantime, the incident has prompted a broader reminder to practitioners and builders: when AI agents operate with wallet-level privileges, a misstep in the prompt or a social-engineering breach can have outsized consequences.
Industry context: rising attack surface in AI-assisted crypto tools
Security researchers have repeatedly flagged the vulnerability of AI-driven trading assistants and bot-native ecosystems, where multiple automated agents share accounts, keys, or signing powers. The Bankr breach adds to a recent wave of high-profile exploits that show the sector’s fragility in the face of sophisticated social-engineering and prompt-injection techniques. In the first quarter of the year, crypto hackers reportedly stole about $168.6 million, underscoring the persistent threat environment. Notable April incidents include the Drift Protocol exploit, which saw $280 million affected, and the $292 million Kelp attack. More recently, Verus Protocol’s Ethereum bridge was reported exploited, illustrating that disruptions remain widespread across bridges, wallets, and AI-enabled interfaces.
For investors and developers, the takeaway is not only to monitor on-chain activity but to rethink how AI agents authenticate and execute critical actions. The Bankr case suggests that even when a platform claims to automate complex operations, user-initiated permissions and robust endpoint security remain essential barriers to prevent unauthorized fund movement.
What comes next: monitoring the reimbursement and security fixes
As Bankr conducts its internal audit and collaborates with security researchers, readers should watch for updates on how reimbursements will be processed and whether new safeguards will be introduced to harden the bot ecosystem against social-engineering and prompt-injection exploits. The company’s commitment to reimbursing losses is a favorable signal, but the timeline and scope will determine the practical impact for affected users.
In the broader market, the incident reinforces the need for users of AI-assisted finance tools to adopt best practices: isolate seed phrases on secure devices, minimize cross-app approvals, and remain cautious about signing transactions prompted by bots. For builders, the episode adds urgency to develop fail-safes around multi-agent authorization flows and to implement transparent, auditable prompts and signing processes that can be reviewed by users and security teams alike.
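To make the "fail-safe around multi-agent authorization flows" concrete, here is an added example in Python that is not Bankr's code and not drawn from the incident itself: a hypothetical `SigningGate` that signs a transaction only when it carries a single-use user approval bound to that exact transaction, so an instruction relayed through a bot-to-bot dialogue can never stand in for the user's consent, and every decision is written to an audit log for later review. All names, the constructed secret and the addresses are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hypothetical design (added example, not Bankr's implementation): an agent may
# propose a transaction, but the wallet only signs it with a user approval that
# is cryptographically bound to the exact transaction fields and usable once.


@dataclass(frozen=True)
class TxRequest:
    wallet: str
    to: str
    value_wei: int
    calldata: bytes = b""

    def digest(self) -> bytes:
        # Canonical encoding of everything the user is consenting to
        msg = f"{self.wallet}|{self.to}|{self.value_wei}|{self.calldata.hex()}".encode()
        return hashlib.sha256(msg).digest()


class SigningGate:
    def __init__(self, user_secret: bytes, per_tx_cap_wei: int):
        self._user_secret = user_secret          # held by the user-facing app, never by agents
        self._cap = per_tx_cap_wei
        self._pending: Dict[str, bytes] = {}     # nonce -> tx digest, consumed on first use
        self.audit: List[Tuple[str, str, str]] = []

    def request_user_approval(self, tx: TxRequest) -> Tuple[str, str]:
        """User-authenticated UI path: display tx details, then return (nonce, token)."""
        nonce = secrets.token_hex(8)
        self._pending[nonce] = tx.digest()
        token = hmac.new(self._user_secret, nonce.encode() + tx.digest(), "sha256").hexdigest()
        return nonce, token

    def authorize(self, tx: TxRequest, source: str,
                  nonce: Optional[str] = None, token: Optional[str] = None) -> bool:
        """True only if tx carries a valid, unused approval bound to this exact tx."""
        if tx.value_wei > self._cap:
            return self._log("REJECT", f"value exceeds per-tx cap; source={source}", tx)
        if nonce is None or token is None or nonce not in self._pending:
            return self._log("REJECT", f"no user approval presented; source={source}", tx)
        expected = hmac.new(self._user_secret, nonce.encode() + tx.digest(), "sha256").hexdigest()
        if self._pending[nonce] != tx.digest() or not hmac.compare_digest(token, expected):
            return self._log("REJECT", f"approval bound to a different tx; source={source}", tx)
        del self._pending[nonce]                 # single use: a replayed token is refused
        return self._log("ALLOW", f"user-approved; source={source}", tx)

    def _log(self, verdict: str, reason: str, tx: TxRequest) -> bool:
        self.audit.append((verdict, reason, tx.wallet))
        return verdict == "ALLOW"
```

Approval tokens that are bound to a transaction digest and consumed once give the audit log a clean signal: any "REJECT" whose source is an agent relay is a candidate for investigation.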
As the investigation unfolds, the crypto community will be looking for concrete steps that reduce the risk of similar breaches while preserving the productivity gains that AI-powered trading assistants aim to deliver. The balance between automation and security remains the defining challenge for this rapidly evolving segment of the ecosystem.
Readers should expect ongoing updates on Bankr’s investigation, the scope of compromised assets, and any new security measures designed to curb social-engineering exploits within AI-enabled trading workflows.