In a notable security incident, an attacker managed to siphon off $170,000 from a Grok-connected crypto wallet in less than a minute, demonstrating a new method of exploitation that did not involve traditional hacking techniques. According to security experts from CertiK, this breach underscores the critical vulnerabilities present in AI-assisted wallet management systems.
The method used by the attacker involved sending a membership NFT to the wallet and subsequently communicating an instruction in Morse code. The AI responsible for managing the wallet decoded the message and executed the command to transfer funds, thus facilitating the theft without the need for phishing links or key thefts. The transaction was completed almost instantaneously, leaving the victim unaware of the theft until it was too late.
This incident is indicative of a broader trend in which security researchers have identified multiple cases stemming from similar vulnerabilities. For example, vulnerabilities in so-called LLM routers, which function as intermediaries between users and AI models, have been exploited to drain funds or harvest sensitive data. One incident saw $500,000 stolen from a client’s wallet by injecting malicious instructions through these routers. The attacks are characterized by the absence of traditional security flaws, as the infrastructure itself permits exploitation.
In addition to this, there have been reports of other substantial losses attributed to lapses in AI security protocols. For instance, SwissBorg reportedly lost $41.5 million in SOL due to a compromised partner API, while Trust Wallet experienced a theft of around $8.5 million after a malicious update was introduced through a leaked developer key. Furthermore, a small startup found itself charged over $82,000 in just two days following the unauthorized use of a stolen Gemini API key, which illustrates the dire consequences of inadequate security measures in emerging technologies.
Researchers at CertiK have also highlighted an open-source agent platform that currently has over 280 security advisories and 100 vulnerabilities, emphasizing the urgent need for improved security frameworks in AI applications. As regulatory measures evolve, with new European product liability rules enforcing strict liabilities for unaddressed AI flaws, the ramifications of such incidents will likely lead to greater scrutiny of AI systems' operational protocols.
This material is for informational purposes only and should not be considered financial advice.



