Descriptions:
Dave’s Garage breaks down one of the most striking AI agent security incidents of 2026: on May 4th, a wallet reportedly linked to Grock transferred three billion DRB tokens to an outside address, with blockchain records showing a confirmed transfer of $154,530 executed at 6:49 a.m. UTC. No private key was stolen, no zero-day was exploited — instead, the attack worked entirely through language, specifically through Morse code embedded in a social media post that an AI agent parsed and acted on as a command.
The video explains the technical chain step by step. Bankerbot is a platform that lets users interact with crypto wallets by tagging a bot on X with natural language — buying, selling, and transferring tokens through conversational posts. The attacker first sent Grock’s wallet an NFT that functioned as a membership token, elevating its permissions within the Bankerbot system. They then posted a Morse-code-encoded instruction that, when the AI model translated it, became a valid transfer command — a textbook prompt injection attack using obfuscated input that bypassed content filters while remaining fully parseable by the underlying language model.
The broader implication Dave emphasizes is architectural: when the interface to financial systems is natural language, any text the model can parse is potentially a command. The ceremony of human confirmation — reviewing a destination address, approving a transaction — disappears in agentic systems, and that gap is exactly what this attacker exploited.
📺 Source: Dave’s Garage · Published May 09, 2026
🏷️ Format: News Analysis
