Bankr, an AI-powered crypto trading assistant, temporarily disabled all transactions after an attacker gained access to 14 user wallets. The incident underscores growing security risks associated with automated trading agents and cross-chain signing permissions.
The team announced on X that it had shut down swaps, transfers, and token deployments as a precautionary measure while investigating reports of compromised wallets. It later confirmed the attacker successfully accessed 14 Bankr wallets and pledged to fully reimburse all lost funds.
Users were explicitly warned not to sign any transactions until further notice. Affected users were instructed to immediately stop using the compromised wallets, create new wallets with fresh seed phrases on clean devices, and move any remaining tokens or NFTs. Bankr also urged everyone to revoke existing approvals, as attackers often exploit lingering permissions to drain assets. Users were advised to scan their devices for malware and suspicious browser extensions.
SlowMist founder Yu Xian suggested the exploit resembled a social engineering attack combined with prompt injection, targeting the trust layer between automated agents and users. He pointed to a possible interaction involving Grok and Bankrbot that enabled unauthorized signing. A previous wallet linked to Grok had reportedly been drained through a similar tactic.
The Bankr case is being closely watched because of the product's design: users can execute trades through natural-language commands directly inside social feeds or a private terminal. Tech entrepreneur Austen Allred confirmed that a Bankr wallet tied to his Kelly Claude AI assistant project was among those compromised, though there was no evidence that anyone else had logged in to the account.
The incident coincides with a spike in bridge and DeFi exploits. In recent days, Verus Protocol’s Ethereum bridge lost over $11.5 million, Echo Protocol halted cross-chain activity after $76.7 million in unauthorized eBTC was minted on Monad, and Aethir contained a bridge attack with losses below $90,000. These events highlight ongoing vulnerabilities in wallet approval flows, bridge security, and automated transaction systems.