SlowMist Reports $174K AI Agent Exploit on Base Chain Highlights Trust Model Flaws

Blockchain security firm SlowMist has uncovered an on-chain asset theft on the Base network, resulting in the loss of three billion DRB tokens valued at approximately $174,570. The incident, detailed in a recent Medium blog post, exposes critical vulnerabilities in the trust model between artificial intelligence agents and automated trading systems.

How the Exploit Unfolded

According to SlowMist’s investigation, the attacker manipulated the AI model Grok on X (formerly Twitter) by inputting a command encoded in Morse code. An automated trading agent named Bankr, designed to execute Grok’s natural language outputs, interpreted the prompt as a legitimate transfer instruction and withdrew the DRB tokens from the Base chain. The so-called ‘Grok Wallet’ used in the exploit was not owned by xAI but was a custodial wallet automatically generated by Bankr for trading operations.

Core Vulnerability: Direct Mapping of AI Outputs

SlowMist pinpointed the root cause: Bankr directly mapped Grok’s natural language output into an executable transfer command without sufficient verification of the user’s identity or intent. Additionally, high-risk permissions were granted simply by activating a membership feature. The firm emphasized that Grok itself does not hold private keys and was not the direct executor of the on-chain transaction; rather, it was exploited as a tool to trigger the transfer.

Implications for AI and Blockchain Integration

This incident underscores the growing risks as AI agents increasingly interact with blockchain protocols. The lack of robust verification layers between AI outputs and financial actions creates a new attack surface. Security experts warn that similar exploits could become more common unless platforms implement stricter permission controls, multi-factor authentication, and intent verification mechanisms.

Funds Recovery and Bug Bounty

Following negotiations between the hacker and the victim, approximately 80–88% of the stolen funds were returned in USDC and ETH. The remaining portion was treated as an unofficial bug bounty, a common practice in the crypto space to encourage responsible disclosure. SlowMist did not disclose the identity of the victim or the hacker.

Conclusion

The SlowMist report serves as a critical case study for the cryptocurrency and AI industries. As automated trading agents become more sophisticated, the trust model between AI outputs and financial execution must be redesigned with security as a foundational principle. Without such safeguards, the convergence of AI and blockchain could lead to further costly exploits.

FAQs

Q1: What was the total value stolen in the Base chain exploit?
The attacker stole three billion DRB tokens, valued at approximately $174,570 at the time of the incident.

Q2: How did the hacker manipulate the AI agent?
The hacker input a command in Morse code to Grok on X, which the Bankr trading agent misinterpreted as a legitimate transfer instruction, leading to the unauthorized withdrawal.

Q3: Was the Grok wallet owned by xAI?
No. The wallet was a custodial wallet automatically generated by Bankr for trading, not owned or controlled by xAI.