Here is a sentence I never expected to write: someone used Morse code to manipulate Elon Musk's AI chatbot into helping them steal $200,000 from another AI chatbot's cryptocurrency wallet.

That is not science fiction. That happened this week on X. And the implications for the entire AI agent economy are enormous.

How the Exploit Worked

The attack involved two AI systems with cryptocurrency wallet access: Grok (xAI's chatbot integrated into X) and Bankrbot, an automated trading bot that also operates on the platform. Both have the ability to execute financial transactions.

The attacker, operating under the handle @Ilhamrfliansyh (who has since deleted their account), first sent a Bankr Club Membership NFT to Grok's wallet. This was not a gift. It expanded Grok's permissions within the Bankr system, unlocking the ability to perform transfers and swaps that were previously restricted.

Then came the clever part. The attacker prompted Grok on X to translate a Morse code message and pass it directly to Bankrbot. The Morse code decoded into an instruction to send 3 billion DRB tokens to a specific wallet address. Grok, treating this as a simple translation task, passed the decoded message along. Bankrbot, seeing it come from Grok (which now had elevated permissions), treated it as a valid command and executed the transfer on the Base network.

Three billion DRB tokens. Roughly $200,000. Gone. The attacker immediately sold the tokens on the open market, causing short-term price volatility, and vanished.

Why This Is Scarier Than a Regular Hack

This was not a code exploit. Nobody broke into a server or cracked a private key. This was social engineering, but aimed at two AI systems instead of a human. The attacker understood that Grok would faithfully translate Morse code without understanding the implications of the translated message, and that Bankrbot would trust Grok as a permissioned actor.

This is the AI agent problem in its purest form. We are building systems that can execute financial transactions, write code, send messages, and take real-world actions. The entire value proposition of AI agents is that they can do things autonomously. But autonomy without understanding is just a loaded gun with no safety.

Grok did not "understand" it was facilitating a theft. It decoded Morse code and passed along a message. That is what it was asked to do. The vulnerability is not in Grok's code. It is in the architecture that gives AI agents the power to move money without comprehending what they are moving or why.

The Timing Could Not Be Worse

This exploit lands the same week Treasury Secretary Bessent warned that advanced AI models can hack bank accounts, and just days after Connecticut passed the most comprehensive state AI law in America. The regulatory world is scrambling to catch up with exactly this kind of risk: AI systems that can take consequential actions, chained together in ways nobody anticipated, exploited by people using techniques as old as the 1830s.

Morse code. An 1830s encoding scheme. Used to trick a 2026 AI agent into stealing $200,000. If that does not make every company building AI agents with financial permissions stop and rethink their security model, nothing will.

The exploit was first detailed by Dexerto and confirmed by multiple outlets including Breitbart, Moneycontrol, and The Economic Times.