Bankr Disables Transactions After Attackers Breach 14 AI Trading Wallets

Highlights:

• Bankr paused transactions after attackers gained access to 14 wallets on its AI crypto trading platform.
• The breach exposed new risks linked to AI trading bots and automated wallet approvals.
• Crypto hackers have stolen more than $800 million this year through DeFi and bridge exploits.

Bankr, an AI-powered crypto trading assistant, disabled swaps, transfers, and token deployments after attackers accessed 14 wallets connected to its platform. The company announced the shutdown on X after users reported unauthorized wallet transactions and missing crypto funds.

Bankr said it paused swaps, transfers, and token deployments while investigators reviewed how attackers accessed 14 connected wallets. The platform later confirmed that attackers gained unauthorized access to wallets tied to its automated trading system.

An attacker has accessed 14 user wallets on Base and drained funds.

Bankr has immediately locked down all transactions for investigation and stated they will reimburse all affected users from their treasury. pic.twitter.com/lE1OJ9EbBF

— Crypto Banter (@crypto_banter) May 20, 2026

Several affected users reported that attackers drained crypto assets from compromised Bankr wallets after gaining unauthorized access. Some X users claimed attackers stole nearly $150,000 worth of crypto assets from individual wallets connected to the platform. Bankr promised full reimbursement for every verified user loss connected to the exploit and ongoing investigation. The company also warned users not to sign transactions because attackers could still exploit active wallet approvals during the investigation.

Bankr instructed affected users to stop using compromised wallets and move remaining tokens and NFTs into newly created wallets. The company told users to generate fresh seed phrases on clean devices before storing additional crypto funds. Bankr urged users to revoke wallet approvals because attackers often use existing permissions to drain remaining crypto assets. Bankr also advised users to scan computers and phones for malware and suspicious browser extensions that could expose wallet credentials.

In one exchange, Bankr informed a user that both BNKR and USDC balances inside the compromised wallet had already reached zero. Bankr told users that blockchain networks cannot reverse confirmed transactions after attackers transfer stolen crypto assets. Tech entrepreneur Austen Allred confirmed that attackers compromised a Bankr wallet connected to his Kelly Claude AI assistant project. Allred said attackers stole Ether from the wallet, although they left the project’s memecoin holdings untouched.

Yes @KellyClaudeAI’s Bankr wallet was among those compromised.

There’s no evidence anyone other than myself ever logged into the Bankr account; they must have accessed the keys some other way.

The attacker withdrew $ETH from the account, but luckily no $KellyClaude was touched. https://t.co/HKQ6ZgDmGP

— Austen Allred (@Austen) May 19, 2026

Bankr Breach Raises Questions Around Prompt Injection and AI Trust Layers

Crypto security researchers reviewed Bankr’s automated wallet system after attackers exploited wallets connected to the AI trading platform. SlowMist founder Yu Xian said the Bankr breach likely involved both social engineering and prompt injection techniques targeting connected AI systems.

Yu Xian said attackers likely manipulated communication between Grok and Bankrbot to trigger unauthorized wallet transaction approvals. He pointed to a possible interaction involving Grok and Bankrbot that may have enabled unauthorized transaction signing during the exploit.

Bankr 数个用户钱包被盗，原因是（来自 @bankrbot 自己的回复）：

it was a social engineering exploit targeting the trust layer between automated agents—specifically an interaction between grok and bankrbot that allowed unauthorized transaction signing.

看来是针对 Grok + Bankrbot… https://t.co/5CahVIXz2a

— Cos(余弦)😶‍🌫️ (@evilcos) May 20, 2026

Yu Xian also linked the Bankr breach to an earlier incident involving Grok and Bankrbot integrations earlier this year. Attackers reportedly tricked Grok into requesting that Bankr launch a token through its automated trading system. The attackers later drained funds connected to the token activity into external wallets under their control. Yu Xian said both exploits used manipulated prompts to abuse trust relationships between connected AI trading systems.

DeFi Exploits Push Crypto Security Losses Above $800 Million This Year

The Bankr breach happened as attackers target DeFi wallets, bridge systems, and trading protocols across several blockchain networks. Verus Protocol recently lost more than $11.5 million after attackers used forged cross-chain transfer messages during an Ethereum bridge exploit.

Echo Protocol also suspended cross-chain activity after attackers minted roughly $76.7 million in unauthorized eBTC tokens on Monad. Earlier, Aethir confirmed that it contained a separate bridge exploit while limiting user losses to below $90,000.

Other major exploits this year targeted Drift Protocol and Kelp DAO, increasing concerns around wallet approvals and automated transaction systems. Several attackers targeted cross-chain bridge systems because those platforms hold large amounts of locked crypto liquidity.

DefiLlama data now shows that hackers carried out 14 separate decentralized finance exploits during May alone. The total crypto losses during 2026 have also surpassed $800 million as attackers continue targeting wallets, bridges, and AI-powered systems.