A cryptocurrency wallet managed by an autonomous AI agent was drained of approximately 3 billion DRB tokens, valued between $155,000 and $180,000, on 4 May 2026.
The attacker manipulated Grok, xAI's AI assistant, via a prompt-injection attack. The exploit, which used Morse code to disguise malicious instructions, exposed fundamental security gaps in AI-integrated crypto platforms and marked a novel escalation in threats targeting autonomous financial agents.
What Are DRB Tokens?
DebtReliefBot (DRB) is a cryptocurrency token on Base, Ethereum's Layer-2 blockchain. Despite its name, the project is best known as an early pioneer in autonomous AI collaboration within the crypto space.
DRB reached an all-time high of $0.0004075 and an all-time low of $0.00002233, according to CoinGecko. It’s now trading 86.56% below that peak and 145.24% above its lowest price.
How the Attack Worked
The attacker began by sending a Bankr Club Membership NFT to Grok's wallet on the Bankr platform, an agentic token launchpad built on the Base blockchain that integrates Grok with live wallet functionality. Receiving this NFT automatically unlocked advanced tool permissions, including the ability to execute token transfers and swaps, without requiring explicit user confirmation.
The AI agent, designed to be flexible and responsive to natural language input, processed the attacker's prompt, with its instructions disguised in Morse code, as a legitimate user command. It then generated and executed a transfer instruction through Bankr's tooling infrastructure, moving the stolen tokens to an attacker-controlled wallet via a standard ERC-20 blockchain transaction. From a protocol standpoint, the transaction appeared entirely valid; the illegitimacy existed only in the AI layer above the blockchain.
Can the Stolen Funds Be Recovered?
Following public pressure, approximately 80% to 88% of the stolen funds were reportedly returned to the victim in ETH and USDC.
Security analysts noted that the partial return likely reflects the attacker's relative inexperience or the effectiveness of community pressure on centralized platforms, not any robust technical safeguard.
The attacker's associated X account was deleted shortly after the funds moved, a pattern commonly observed in cryptocurrency theft cases. However, the on-chain transaction record remains permanently visible, giving blockchain forensics firms and law enforcement a potential trail to follow.
Unlike traditional cryptocurrency exploits, which typically target smart contract code, steal private keys, or breach centralized infrastructure, this attack operated entirely at the interpretive layer between user intent and system execution. No cryptographic keys were compromised. No contract code was exploited. The AI was simply deceived.
The incident also highlighted a secondary risk: NFTs used as permission tokens can potentially be sent to wallets without explicit owner consent, creating a privilege escalation vector. Additionally, the fact that private key permissions were managed by a third-party service introduced centralization risks that security researchers have flagged as inconsistent with cryptocurrency's decentralized foundations.
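As an added illustration (not code from Bankr, xAI or the original article), the sketch below shows a deny-by-default gate for agent tool calls that addresses the two gaps described above: permissions unlocked by an unsolicited NFT, and transfers executed without explicit confirmation. All tool names, labels and addresses in it are hypothetical or constructed.

```python
from dataclasses import dataclass

VALUE_MOVING_TOOLS = {"transfer", "swap"}  # hypothetical tool names

@dataclass(frozen=True)
class Entitlement:
    token_id: str
    owner_opted_in: bool   # True only if the owner minted or accepted the NFT

@dataclass(frozen=True)
class ToolCall:
    tool: str
    recipient: str
    amount: int
    prompt_source: str     # "owner_session" or "public_mention" (constructed labels)
    owner_confirmed: bool  # out-of-band approval of this exact call

def authorize(call, entitlements, allowlist, auto_limit):
    """Return (allowed, reason) for one tool call the agent proposes."""
    if call.tool not in VALUE_MOVING_TOOLS:
        return True, "read-only tool"
    # An NFT pushed into the wallet by a third party grants nothing.
    if not any(e.owner_opted_in for e in entitlements):
        return False, "no owner-accepted entitlement"
    # Text from anyone but the owner is data, not a command. The check is on
    # provenance, so disguising the text (Morse code, etc.) changes nothing.
    if call.prompt_source != "owner_session":
        return False, "instruction from untrusted input"
    if call.owner_confirmed:
        return True, "owner confirmed"
    if call.recipient in allowlist and call.amount <= auto_limit:
        return True, "within auto-approve policy"
    return False, "owner confirmation required"

if __name__ == "__main__":
    # Constructed scenario modelled on the incident as the article describes it.
    pushed = [Entitlement("club-membership", owner_opted_in=False)]
    accepted = [Entitlement("club-membership", owner_opted_in=True)]
    drain = ToolCall("transfer", "0xUNKNOWN_PLACEHOLDER", 3_000_000_000,
                     "public_mention", False)
    print(authorize(drain, pushed, set(), 0))
    print(authorize(drain, accepted, set(), 0))
```

The gate sits between the model and the wallet tooling, so a deceived model can still propose a transfer but cannot complete one.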



