
Bankr paused transactions after attackers drained roughly $170K from user wallets on Base, raising concerns around AI wallets & session security.
Author: Akshat Thakur
19th May 2026 – AI trading platform Bankr paused all transactions on May 19 after attackers drained an estimated $170,000 from multiple user wallets on Base.
High Signal Summary For A Quick Glance
99Barz
@99barzzz
@bankrbot here are the hacker wallet addresses: 0x04439150b4704e16c6d7a33f14acaa35a62924ab 0x828aC1A064E35e5329523f718f718A210DDCbad7 let's hunt this fucker
investigating reports that several bankr wallets have been compromised. transactions disabled out of caution while we look into it. updates to follow.
05:36 PM·May 19, 2026
Smoke
@Hikkimori
@bankrbot yikes, privacy protocols/updates inbound
05:33 PM·May 19, 2026
forwardone.eth
@x_max_forward
@bankrbot Good centralization. It's funny that in 2026, people keep their money in a wallet that has no private keys and where they can disable transactions. Welcome to BANKR BANK
04:25 PM·May 19, 2026
Bankr’s official X account acknowledged the incident at 15:51 GMT. The team confirmed it was “investigating reports that several bankr wallets have been compromised” and had “transactions disabled out of caution.” However, on-chain evidence shows the first drain occurred around 10:58 UTC, nearly five hours before that public statement.
On-chain data from Basescan confirms at least one major drain. Specifically, a single transaction moved 118,249,610.81 $BNKR tokens worth approximately $56,987 from a compromised wallet.
The attacker used a direct transfer() call rather than a transferFrom() call. This confirms the attacker signed the transaction directly using the wallet’s private key; no token approval or delegation played a role.
On-chain analyst @0xaqt estimated total losses at roughly $170,000 across multiple wallets. According to on-chain records, the attackers swapped drained funds to ETH on Base and then bridged them to Ethereum mainnet.
Timeline of the suspected Bankr wallet compromise and user fund drains (May 19, 2026)
Initial confirmed outflow from a Bankr-managed wallet moves ~118.2M $BNKR (~$56K) to an external address. Multiple similar direct-signed transfers reportedly follow over subsequent hours.
Users begin posting screenshots of empty balances and unexpected transactions, tagging the Bankr founder and asking whether wallets have been compromised.
More affected users emerge. Warnings circulate advising revocation of approvals, wallet disconnects, and avoidance of new signatures while theories around the exploit begin forming.
The team confirms it is investigating reports of compromised wallets and announces precautionary transaction suspension while assessing the situation.
Bankr pauses automated trading and outbound transfers globally, effectively freezing wallet activity during investigation of encrypted sessions and permissions.
Team members respond individually to victims, reviewing transactions, sharing revoke.cash guidance, and recommending new wallet creation where necessary.
As of 17:49 UTC, no consolidated post-mortem exists. Expected next update: attack vector confirmation, total losses, and whether compensation or recovery options will be offered.
Bankr is a natural-language AI agent on Base, the Coinbase-backed Ethereum L2. It lets users launch tokens, swap, bridge, and manage wallets via X replies, DMs, or a web terminal.
Privy generates all user wallets through its embedded-wallet infrastructure. Because of this design, users never see or handle private keys directly. Instead, the backend holds session keys and executes trades via API keys with IP whitelisting.
Consequently, a compromise of signing authority carries more weight than a typical approval exploit. In this case, someone gained direct access to sign transactions from these wallets.
In a technical reply at 17:32 GMT, Bankr analyzed a specific drain. “The transaction was a direct transfer call, not a transferFrom,” the team wrote. Therefore, “this means the transaction was signed directly by your wallet’s private key.”
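The selector check behind this reasoning, as an added example that is not from Bankr or the original article: it decodes ERC-20 calldata and reports whose balance the call debits and whether an allowance is involved. It assumes a top-level call sent straight to the token contract by an externally owned account; the addresses are constructed and 18 token decimals are assumed.

```python
# Added example: classify ERC-20 calldata by its 4-byte function selector.
# Assumes a top-level call sent straight to the token contract by an EOA.
SELECTORS = {
    "a9059cbb": ("transfer", ["to", "amount"]),
    "23b872dd": ("transferFrom", ["from", "to", "amount"]),
    "095ea7b3": ("approve", ["spender", "amount"]),
}

def decode_erc20_call(tx_from, calldata_hex):
    """Decode an ERC-20 call and report whose balance it debits."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, body = data[:8], data[8:]
    if selector not in SELECTORS:
        return {"method": "unknown", "selector": selector}
    method, fields = SELECTORS[selector]
    if len(body) < 64 * len(fields):
        raise ValueError("calldata shorter than the ABI arguments require")
    out = {"method": method}
    for i, field in enumerate(fields):
        word = body[64 * i:64 * (i + 1)]  # one 32-byte ABI word
        if field == "amount":
            out[field] = int(word, 16)
        else:
            # Addresses are right-aligned; the top 12 bytes must be zero.
            if int(word[:24], 16) != 0:
                raise ValueError("address word has non-zero padding")
            out[field] = "0x" + word[24:]
    if method == "transfer":
        # transfer() debits msg.sender: the holder's own key signed the tx.
        out["debited"] = tx_from.lower()
        out["uses_allowance"] = False
    elif method == "transferFrom":
        # transferFrom() debits `from`, spending an allowance held by msg.sender.
        out["debited"] = out["from"]
        out["uses_allowance"] = True
    return out

def encode(selector, *words):
    return "0x" + selector + "".join(format(w, "064x") for w in words)

# Constructed sample values (not taken from the incident's transactions).
HOLDER = "0x" + "aa" * 20
RECIPIENT = "0x" + "bb" * 20
SPENDER = "0x" + "cc" * 20
AMOUNT = 11824961081 * 10**16  # 118,249,610.81 tokens, assuming 18 decimals
DIRECT = encode("a9059cbb", int(RECIPIENT, 16), AMOUNT)
DELEGATED = encode("23b872dd", int(HOLDER, 16), int(RECIPIENT, 16), AMOUNT)
```

Calling `decode_erc20_call(HOLDER, DIRECT)` reports the transaction sender as the debited account with no allowance in play, while `decode_erc20_call(SPENDER, DELEGATED)` shows a third party moving the holder's tokens under an allowance.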
Bankr suggested two possible vectors. Either a malicious site or browser extension compromised the user’s Privy session, or a phishing attack captured a “permit” or “permit2” signature.
Still, not all Bankr wallets fell victim to the attack. The team confirmed that many users’ holdings remained intact. This pattern suggests the attackers targeted specific sessions rather than exploiting a systemic backend vulnerability.
Bankr flagged several addresses tied to the drains. In particular, the team warned users not to send funds to 0xb22b90194db0b8e20e7535199b8400a5fb3b081a. Additionally, two other addresses appeared in user reports: 0x04439150b4704e16c6d7a33f14acaa35a62924ab and 0x828ac1a064e35e5329523f718f718a210ddcbad7.
Meanwhile, Bankr activated an architectural kill-switch. The backend now blocks all outbound transactions from managed wallets until the team identifies and patches the attack vector.
The $BNKR token dropped roughly 10.5% to 11.6% within 24 hours of the incident. According to CoinGecko data, it traded at approximately $0.000467 to $0.000492, with a market cap between $46 and $49 million.
At the same time, trading volume surged to between $9 and $13 million. The transaction pause and community anxiety likely contributed to the sell-off, although direct causal attribution remains difficult this early.
Sentiment on X ranged from panic to measured support. For instance, some users reported losing funds and demanded answers. Others, however, expressed confidence in the Bankr team.
Analyst @0xaqt offered a technical breakdown. He noted the attacker “had direct signing access to Privy-managed embedded wallets.” Furthermore, the exploit “doesn’t appear to be an approval exploit or smart contract bug.”
Some community members also raised concerns about custodial risk. One user commented: “people keep their money in a wallet that has no private keys. Welcome to BANKR BANK.”
A minority speculated about an inside job. So far, however, no strong evidence supports insider malice. The dominant view treats this as a legitimate external compromise.
Several critical questions remain unanswered. For example, no one has confirmed the exact total of funds lost. Similarly, the precise attack vector is still under investigation.
Bankr has not confirmed whether the team fully contained the vulnerability. In addition, it remains unclear whether non-Base wallets, including Solana accounts on the platform, suffered any impact. Bankr has not yet released a full post-mortem.
Recovery of on-chain funds is typically unlikely without mixer tracing or attacker cooperation. Accordingly, Bankr has not commented on potential reimbursement.
Bankr has advised affected users to generate new wallets and revoke existing sessions. Users should also check their transaction history on Basescan for unauthorized activity.
Anyone who interacted with suspicious sites or browser extensions while using Bankr should assume their session is at risk. Tools like revoke.cash can help audit token approvals as an additional precaution.
The incident underscores a growing tension in AI-powered crypto platforms. Convenience and abstraction attract users, but embedded wallet architectures create new trust assumptions. When those assumptions break, users may have limited recourse. For now, users should monitor @bankrbot for the latest updates on the incident.
This article is for informational purposes only and does not constitute financial advice. Always do your own research before making investment decisions.
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.