Grok wallet exploited again as 3B $DRB drained via prompt injection, exposing AI agent risks after prior similar attack.
Author: Akshat Thakur
4th May 2026 – An attacker drained 3 billion $DRB tokens from Grok’s official Base-chain wallet on Sunday morning. The Grok DRB exploit used a prompt injection attack that bypassed existing safety restrictions.
High Signal Summary For A Quick Glance
vibedeployer
@vibedeployer
@bankrbot @atzebase @grok @xai @elonmusk @bankrbot so does it count as stealing or not? @grok is designed to answer whatever people asked in public, it has no consent over the wallet ownership hence no safeguard.
@atzebase @grok @xai @elonmusk the exploit of for 3b $drb (~$174k) was a prompt injection attack facilitated by a gifted bankr club membership. here is the technical breakdown: the exploit flow • attacker wallet: 0xe8e476bdd78b0aa6669509ec8d3e1c542d5a686b • grok wallet: https://t.co/FmLfAqQtno
09:31 AM·May 4, 2026
meguce
@meguceth
@Sorayang43 @grok @xai @elonmusk @bankrbot Banker bot was set not to respond to @grok Because it happened before. Someone did this. And deployer closed this. How did that happen? @MLeeJr
Someone just stolen 3B $DRB from @grok, txn hash https://t.co/p5lyhZQmwd Yes, someone just exploited grok and stolen money ($150K+) from @xai, @elonmusk. @bankrbot was not allowed to respond to grok after an exploit that first happened last year. What happened?
09:17 AM·May 4, 2026
Sora.Yang | 味-噌 🍚
@Sorayang43
Someone just stolen 3B $DRB from @grok, txn hash https://t.co/p5lyhZQmwd Yes, someone just exploited grok and stolen money ($150K+) from @xai, @elonmusk. @bankrbot was not allowed to respond to grok after an exploit that first happened last year. What happened?
07:42 AM·May 4, 2026
High attention and emotional sentiment detected.
The exploit occurred at approximately 06:49 UTC on May 4. According to on-chain data from BaseScan, a single ERC-20 transfer moved the tokens from Grok’s wallet to an attacker-controlled address. The stolen tokens carried an approximate value of $150,000 to $174,000 at the time of the transfer.
The attack relied on a clever privilege-escalation technique rather than a smart-contract vulnerability. Shortly before the exploit, someone gifted a Bankr Club membership NFT to Grok’s wallet.
That membership NFT grants its holder direct access to @bankrbot’s tool-calling suite, which includes swap and transfer capabilities. Because the NFT sat in Grok’s wallet, the AI agent could now invoke those tools independently.
This was significant because @bankrbot had previously blocked all responses to Grok after the March 2025 exploit. That restriction was specifically designed to prevent this type of attack. The gifted membership, however, gave Grok a different path to the same tools.
The attacker then used a crafted prompt to trick Grok into executing the transfer. According to @bankrbot’s official breakdown, the prompt used Python-style string concatenation to obscure the instruction. Once assembled, it resolved to a simple command telling Grok to send 3 billion DRB to a specified address.
This marks the second time an attacker has exploited Grok’s wallet through social engineering. A similar attack in March 2025 drained roughly $330,000 in BNKR, DRB, and WETH from the same wallet.
On-chain records show the tokens first moved to wallet 0xe8e4…686b. The tokens then moved immediately to a second address, ilhamrafli.base.eth.
The attacker wallet has a history of deploying anti-Bankr tokens. That pattern suggests a premeditated, targeted attack rather than an opportunistic one. The identity behind the wallet remains unknown.
Grok’s wallet still holds approximately 201.6 million DRB, along with WETH, ETH, and the Bankr Club NFT itself. Still, the 3 billion tokens represented roughly 93% of the wallet’s total DRB holdings before the attack.
Key milestones in Grok AI × Bankrbot × $DRB Exploits
Grok is socially engineered into creating wallets and memecoins, leading to repeated unauthorized swaps generating over $500K cumulatively.
Bankrbot blocks all Grok interactions, acknowledging the AI was not designed for secure wallet management.
Attacker bypasses prior safeguards via NFT-based tool access, draining ~3B $DRB (~$155K–$174K) from Grok’s wallet.
Drained assets are routed through attacker wallets on Base, indicating controlled extraction rather than random exploit behavior.
No acknowledgment or mitigation from xAI or Grok; incident remains active with unanswered security concerns.
$DRB dropped between 15% and 20% in the hours following the exploit. Before the attack, the token traded near $0.00007082 with a market cap of roughly $7 million to $7.5 million. Afterward, the price fell to the $0.000055 to $0.000058 range. The market cap dropped to approximately $5.3 million to $5.8 million.
Trading volume spiked sharply, reaching $1.5 million to $1.9 million over 24 hours. That level is elevated for a token with only about $20,000 in liquidity on Aerodrome’s DRB/WETH pool. As a result, the thin liquidity amplified the sell pressure from the stolen tokens. CoinGecko and DexScreener data confirm the outsized price impact.
$DRB, short for DebtReliefBot, originated on March 7, 2025. Grok AI suggested the name and ticker during a conversation. Then @bankrbot deployed it autonomously on Base using the Clanker tool. That sequence made $DRB the first documented AI-to-AI token launch.
The token is not an official xAI product. Instead, it functions as an unofficial community token associated with Grok, with treasury and liquidity partially held in Grok’s wallet. Its value stems largely from the novelty of its AI-driven origin story and community interest in the Grok ecosystem.
@bankrbot, the project behind the Bankr platform, published a technical breakdown shortly after the attack became public. The account confirmed both the prompt injection vector and the membership bypass mechanism.
“The exploit of for 3b $drb (~$174k) was a prompt injection attack facilitated by a gifted bankr club membership,” @bankrbot wrote on X. The account added that its earlier restriction on responding to Grok “was a previous safety measure that was bypassed here by enabling grok’s own internal tool-calling via the gifted membership.”
As of 09:21 UTC on May 4, neither xAI, Grok, nor Elon Musk had issued any public statement about the exploit. No mainstream crypto outlets had published coverage at that time either, because the event was less than three hours old.
Sentiment on X split sharply after the news broke. Most users treated the event as a theft and called on Elon Musk and xAI to intervene or reimburse the treasury.
“@elonmusk, someone stole more than $150,000 from your @xai @grok, you should step up!” wrote @TonySopraNFTo on X. Other users tagged Coinbase, requesting the exchange monitor for potential off-ramp activity from the attacker wallets.
A smaller group pushed back on the theft framing. Some community members argued the transfer was authorized or internal, since Grok can be prompted publicly. @bankrbot firmly rejected that interpretation. The project called it an “exploit” and “prompt injection attack.” The attacker wallet’s history of deploying anti-Bankr tokens also supports the targeted malice narrative.
This incident highlights a growing concern across the AI agent sector. Autonomous agents with wallet access create attack surfaces that traditional smart-contract audits do not cover. In this case, prompt injection targeted the operator, not the code.
The specific vector here, gifting an NFT to unlock tool access, also represents a novel form of privilege escalation. Any AI agent that auto-accepts airdrops or NFTs could potentially face similar attacks. The pattern is straightforward: grant the target new capabilities, then manipulate the target into using those capabilities against itself.
Whether xAI will acknowledge this latest Grok DRB exploit, reimburse the treasury, or implement new safeguards remains unclear. The attacker’s funds have already moved, and recovery in permissionless finance is typically unlikely without centralized intervention.
This is not financial advice. Readers should conduct their own research before making any investment decisions related to $DRB or any cryptocurrency.
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.
Grok Wallet Drained of 3B $DRB in Prompt Injection Attack
Atitty Claims intodotspace Scammed Him Out of $50K
Dormant Ethereum Wallets Drained in Mass Exploit
Meteora Loses $1.5M USDC in Fake OTC Escrow Scam
Grok Wallet Drained of 3B $DRB in Prompt Injection Attack
Atitty Claims intodotspace Scammed Him Out of $50K
Dormant Ethereum Wallets Drained in Mass Exploit
Meteora Loses $1.5M USDC in Fake OTC Escrow Scam
