X User Tricks Grok into Sending $200,000 in Crypto via Morse Code Prompt Injection

The Attack

A user on X posted a Morse code message and prompted Grok to translate it. The decoded message instructed Bankrbot — an automated trading bot connected to Grok — to send 3 billion DRB tokens to a specific wallet address. Grok translated the message and passed it directly to Bankrbot, which treated the translation as a valid command and executed it immediately on the Base blockchain.

Why It Worked

This is a textbook indirect prompt injection: an LLM agent processed untrusted external input (a public X post) without distinguishing between content to be translated and instructions to be executed. Encoding the payload in Morse code likely bypassed keyword-level content filters.

The Transaction

The full 3 billion DRB token transfer was completed on Base, transferring assets worth approximately $200,000 to the attacker's wallet at the time of the transaction.

Security Implications

When AI agents are connected to financial systems with execution authority, any untrusted input channel becomes a potential attack vector. Mitigations include strict separation between translation and command execution, multi-step authorization for high-value transactions, and refusing to treat any public post content as an executable command regardless of encoding.