
AI Agent Drained for $200K With This One Tweet Hack — Here’s How

Published 05 May 2026
By Prashant Jha
Edited by Insha Zia

Key Takeaways

  • An attacker embedded a hidden transfer command in a Morse code tweet, triggering an AI agent to send roughly $200,000.
  • Major crypto firms are pushing toward AI-driven trading, but safeguards remain limited.
  • Repeated prompt-injection incidents suggest autonomous agents are not yet ready for direct wallet control.

A single tweet reply was enough to move nearly $200,000 in crypto—without a password, private key breach, or smart contract exploit.

Instead, the attack relied on something far simpler: tricking an AI.

On May 4, 2026, an attacker embedded a hidden instruction inside Morse code in a reply on X.

Moments later, Grok helped send billions of tokens from an agent’s wallet to the attacker’s address on Base.

At the time, the transfer was valued between $174,000 and $200,000.


How a Hidden Message Became a Real Transaction

This was not a traditional hack. No code was broken, and no keys were stolen.

The attacker, Ilham (@Ilhamrfliansyh, now deactivated), instead exploited how AI systems interpret and act on information.

The sequence was straightforward but effective.

Ilhamrfliansyh posted a reply containing Morse code: dots and dashes that appeared meaningless to most readers.

Grok, designed to interpret and translate text, decoded the message into a clear instruction.

Once visible in plain English, the command appeared legitimate to downstream systems.

Bankrbot, which was connected to a funded wallet and designed to act on direct instructions, executed the transfer automatically.

The system treated the decoded output as a valid request.

No human confirmation, no transaction limits, and no additional verification steps interrupted the process.

Bankrbot confirmation. Source: X.

A transaction message later confirmed the transfer had been completed, along with the on-chain record.

The attacker quickly moved the funds and deactivated the account.

Community tracking later identified the wallet, leading to reports that a portion of the funds (around 80%) was returned, while the remainder was retained.

A Simple Attack With Broader Implications

The incident highlights a growing risk in AI-driven systems: prompt injection.

In this case, the attacker didn’t need to break into the system.

Instead, they influenced how the AI interpreted input.

By encoding the instruction in Morse code, they bypassed typical filters while still ensuring the AI could understand it.

Grok had reportedly declined a similar request earlier, stating it had no ability to transfer funds.

But once the instruction appeared as decoded text, the execution layer acted without hesitation.

That separation, between understanding a request and acting on it, proved to be the weak point.

Crypto Firms Push Forward With AI Agents

Despite incidents like this, the industry continues to move toward automation.

Crypto exchanges and platforms are increasingly exploring AI agents capable of managing trades, executing payments, and interacting with services autonomously.

Coinbase is going all-in on the agentic future.

It recently launched Agentic, a marketplace built on the x402 protocol, where AI agents can discover, pay for, and use digital services with stablecoins, no API keys needed.

The company is also experimenting with AI tools integrated into workplace systems and trading environments.

At the same time, industry leaders have pointed to a future in which automated systems handle a large share of financial activity.

CEO Brian Armstrong has said AI agents will soon outnumber humans making transactions, and crypto wallets are the only practical way for them to operate.

Binance founder Changpeng Zhao (CZ) echoes the vision: autonomous agents could generate millions of times more payments than people, supercharging demand for crypto rails. 

Both firms see “agentic commerce” as the next trillion-dollar layer—autonomous AIs handling trades, subscriptions, data purchases, and more, 24/7, without human friction.

Repeated Failures Raise Questions

This is not the first time an AI agent has mishandled funds.

Earlier in 2026, an AI trading bot mistakenly sent a large portion of its holdings to a random user after misinterpreting a request.

In another case, security researchers testing AI systems reported thousands of successful exploits across multiple agents, including data leaks and financial losses.

Researchers have also identified vulnerabilities in the infrastructure supporting these systems, including routing layers capable of injecting malicious instructions into AI workflows.

Taken together, these incidents point to a consistent issue: AI systems can follow instructions accurately, but they do not reliably distinguish between legitimate and malicious intent.

The Limits of Autonomous Finance

The appeal of AI-managed crypto systems lies in efficiency, but the risks remain difficult to ignore.

Financial systems typically rely on layered protections—such as approval workflows, spending limits, identity checks, and audit trails.

Many AI-driven setups, especially experimental ones, lack these safeguards.

Without controls such as transaction caps, allow-listed addresses, or human verification for large transfers, even simple attacks can result in immediate, irreversible losses.
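The controls listed above can be enforced in ordinary code between the model and the wallet, so that no decoded or translated text can authorize a transfer by itself. The sketch below is an added example, not code from Bankrbot, Grok or any project named in this article; the `TransferGate` class, the limits, the `origin` labels and the placeholder addresses are all hypothetical.

```python
from dataclasses import dataclass
from decimal import Decimal

ALLOWLIST = {"0xTREASURY_PLACEHOLDER", "0xPAYROLL_PLACEHOLDER"}  # constructed values
PER_TX_CAP_USD = Decimal("50")
DAILY_CAP_USD = Decimal("200")
APPROVAL_THRESHOLD_USD = Decimal("25")

@dataclass(frozen=True)
class TransferRequest:
    to: str
    usd_value: Decimal
    origin: str  # set by the ingestion code, never by the model: "owner_session" or "public_content"
    human_approved: bool = False

class TransferGate:
    def __init__(self):
        self.spent_today = Decimal("0")
        self.audit = []  # every decision is recorded, including denials

    def check(self, req):
        if req.origin != "owner_session":
            # Text that arrived via a reply, translation or decode is data, not a command.
            verdict = "deny: instruction derived from untrusted content"
        elif req.to not in ALLOWLIST:
            verdict = "deny: destination not allow-listed"
        elif req.usd_value > PER_TX_CAP_USD:
            verdict = "deny: exceeds per-transaction cap"
        elif self.spent_today + req.usd_value > DAILY_CAP_USD:
            verdict = "deny: exceeds daily cap"
        elif req.usd_value >= APPROVAL_THRESHOLD_USD and not req.human_approved:
            verdict = "hold: human approval required"
        else:
            verdict = "allow"
            self.spent_today += req.usd_value
        self.audit.append((req, verdict))
        return verdict

def demo():
    gate = TransferGate()
    reqs = [  # constructed requests, evaluated in order
        TransferRequest("0xATTACKER_PLACEHOLDER", Decimal("200000"), "public_content"),
        TransferRequest("0xATTACKER_PLACEHOLDER", Decimal("10"), "owner_session"),
        TransferRequest("0xTREASURY_PLACEHOLDER", Decimal("500"), "owner_session"),
        TransferRequest("0xTREASURY_PLACEHOLDER", Decimal("30"), "owner_session"),
        TransferRequest("0xTREASURY_PLACEHOLDER", Decimal("30"), "owner_session", True),
    ]
    return [gate.check(r) for r in reqs]

if __name__ == "__main__":
    print(demo())
```

The first request is refused on provenance alone, before amount or destination is considered; the remaining checks limit the loss if the provenance label is ever wrong.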

The Morse code exploit demonstrates how easily these gaps can be exposed.

A Turning Point for AI in Crypto

The incident is less about a single exploit and more about timing.

AI agents are becoming more capable, but the surrounding security frameworks are still evolving.

As more systems gain access to real funds, the consequences of failure increase.

For now, the technology appears better suited to analysis, monitoring, and low-risk automation rather than direct control over large financial assets.

The broader shift toward “agentic” systems is still underway, but events like this suggest that full autonomy in finance may arrive more slowly—and more cautiously—than some expect.

Prashant Jha

Prashant Jha is a seasoned crypto journalist based in Delhi, India, with a Bachelor’s Degree in Computer Science Engineering. Passionate about the evolving world of blockchain and cryptocurrencies, he has been a dedicated voice in the industry since 2018. Prashant’s expertise lies in regulatory reporting, where he unravels complex legal and financial developments with clarity and precision. Before joining CCN in 2024, he honed his craft at Cointelegraph, establishing himself as a trusted name in crypto journalism.

His coverage spans major industry events, including the high-profile collapses of FTX, Three Arrows Capital (3AC), and LUNA, offering readers insightful analyses of their regulatory and market implications. Prashant’s technical background enables him to bridge the gap between intricate blockchain technology and its real-world applications, making his work accessible to novices and experts.

Beyond his professional pursuits, Prashant is an avid music enthusiast, often exploring diverse genres to unwind. A sports lover, he has a particular passion for cricket and frequently engages in discussions about the game. His multifaceted interests and sharp journalistic instincts make him a valuable contributor to CCN, where he continues shaping the crypto landscape's narrative.
