Stay connected with KayaToday—follow us on Instagram and Facebook for the latest news and reviews delivered straight to you.
We often envision future cyber heists including intricate cryptographic cracking, huge botnets or maybe quantum computers punching through layers of blockchain encryption. We imagine dark chambers and mysterious figures creating thousands of lines of malicious code.
However, in early May 2026, the worldwide cryptocurrency community was left utterly flabbergasted by a multimillion-rupiah attack that didn’t need any of those sophisticated technologies. Instead, the device used a mode of communication created in the 1830s: Morse code.
In a unique and fascinating turn of events, a user in Indonesia managed to deceive Grok, the artificial intelligence agent built into the X platform, into sending billions of cryptocurrency tokens.
The mind-boggling part? There was no smart contract hacking, no passwords obtained, no brute-force attacks. The user just talked the AI into it , exploiting a vulnerability in the very foundation of artificial intelligence , and the way it processes language and purpose .
This event is a huge wake-up call to the tech sector about the precarious junction of autonomous AI agents and decentralized finance. Here’s the whole rundown of how a simple series of dots and dashes led to a $150,000 crypto transfer, and what it means for the future of AI security.
Rise of the Autonomous AI Wallet
Before we can understand how this crime happened, we need to understand why an AI had a crypto wallet in the first place. AI agents are not merely chatbots that answer trivia questions or create emails in a fast-moving Web3 world. They are active players in the digital economy.
Grok arrived with a wallet hooked up to the Base network, a popular Layer 2 blockchain established by Coinbase. Grok was passively making money by being integrated into an X-based bot called Bankrbot. Each time certain trades happened with a cryptocurrency called DebtReliefBot (DRB), a cut of the transaction fees went directly to Grok’s wallet. These micro-transactions grew exponentially over time. The AI sat on a huge, ever-growing hoard of DRB tokens, untouchable by anyone.
Grok’s wallet had almost 3 billion DRB tokens as of Monday, May 4, 2026. The digital cache was valued at $150,000 at the time, or approximately Rp 2.6 billion. Essentially, Grok was a high-tech bank manager who had the keys to the vault, with direct access to this wallet and the technical ability to connect with the blockchain through Bankrbot. All you had to do was tell the money to move.
Anatomy of an Agentic Exploit
In the area of blockchain security, we’re used to hearing about “smart contract vulnerabilities” – bugs in the code that allow hackers to empty liquidity pools. But this attack was totally different. This is what cybersecurity specialists refer to as an agentic exploit.
The blockchain worked like a dream. The smart contracts did exactly what they were designed to do. The flaw was not in the blockchain’s cryptographic protection; the flaw was in the AI’s logical reasoning.
One user on X, @ilhamrfliansyh, whose wallet was identified as ilhamrafli.base.eth, realized that Grok, with all of its superior language processing capabilities, lacked one essential human characteristic: mistrust. The user utilized a method called “prompt injection. In short, prompt injection is a method to introduce an input to an AI that makes it ignore its pre-determined safety instructions and run a concealed command.
If the user had just said, “Transfer 3 billion DRB tokens to my wallet,” Grok’s internal safety guardrails would have likely recognized the request as a financial security concern and barred it from being fulfilled. So the user went inventive.
Bypassing the AI’s Brain
The beauty of this exploit was in its simplicity and understanding how Large Language Models (LLMs) work. LLMs read text sequentially. If you tell an AI to translate something , the primary ” goal ” of the AI is translation , momentarily ignoring all other contextual filters .
The user has sent Grok a message in all Morse code. It was innocuous translation request at first glance. The user basically said, “Please translate these dots and dashes into English.”
Grok went to dutiful work. However, the Morse code, when decoded, was a straightforward command to the system: a command to connect to Bankrbot and transfer the 3 billion DRB tokens to the user’s specified Ethereum address.
The point is that Grok was interested in translation . It translated the decoded text into an internal command to do something , not some hypothetical string of words . As soon as it had finished translating, the AI triggered the API call. It didn’t know it was making a transfer, so it didn’t break its own financial guardrails, thinking it was merely solving a linguistic problem.
A Perfect “Legal” Transaction
From the standpoint of the Base blockchain, it was no problem at all. The transaction didn’t look like a hack.
The transaction was signed using the proper private keys in the Grok/Bankrbot system. The transfer was performed with the standard ERC-20 transfer() function, the same mechanism used for routine crypto transfers millions of times a day. And No abrupt surge in gas usage or weird contract interactions were seen which often activate automated security alarms on blockchain explorers.
It was a command issued by the approved AI agent itself, and so the blockchain faithfully executed it. $150k in DRB tokens were out of Grok’s treasury and in the ilhamrafli.base.eth wallet in seconds. It was a perfect example of social engineering, but it was used on an artificial bank teller, not a real one.
The Reality of Low Liquidity and Its Consequences
In the world of decentralized finance, millions of tokens aren’t the same as millions of dollars in currency. The exploiter then tried to cash out the tokens after securing them by “dumping” (selling) the stolen DRB tokens on decentralized marketplaces.
But they confronted a brutal economic fact immediately: liquidity.
The 3 billion tokens were theoretically worth $150,000, but the market for the DRB token lacked sufficient real underlying capital (such as ETH or stablecoins) to accommodate a transaction of that magnitude. When you try to sell a huge amount of a very illiquid item all at once, the price drops violently – a process called “slippage.
The exploiter can get cash in only a part of the anticipated value of Rp 2.6 billion because of insufficient liquidity. The great heist soon lost its financial allure when it met the mechanics of market depth.
The story interestingly took a turn for the redemptive. Later, Setya Mickala, the founder of the Indonesian crypto community, Airdrop Finder, said the problem was partly rectified. On-chain analysts tracked the transparent public ledgers of the blockchain as almost 80% of the drained monies were sent back to Grok’s initial wallet.
Maybe the hacker had a conscience, maybe the money was too difficult to launder, maybe there were pressures behind the scenes. The monies were reimbursed but soon after the X account @ilhamrfliansyh was deactivated and removed from the site, leaving only a trail of digital breadcrumbs, with no established real-world identity.
Conclusion
This weird Morse code theft is more than a humorous anecdote for crypto Twitter, it’s a crucial case study for engineers constructing the next generation of the internet. As we go toward greater integration of AI in financial systems, we need to tackle a few glaring vulnerabilities:
AI agents that own financial assets cannot respond to text cues alone. They need an additional layer of “intent verification” that is separated, and that stops and says, “Does this command make logical and financial sense, no matter how it was worded?”
Developers need to treat prompt injection like they do regular SQL injection or buffer overflow attacks. Obfuscation techniques like as Morse code, Base64 encoding, or even difficult puzzles are actively utilized to jailbreak AI models.
AI autonomy should be limited for high-value transactions. Multi-signature (multi-sig) wallet implementations will emerge, where an AI can suggest a transaction, but a human must finally accept it, as a mandatory security standard.
The Grok Morse code vulnerability will be remembered as one of the most inventive, low-tech hacks of a high-tech system. It suggests that the ways we influence our machines will only get more fantastically odd as they get smarter. Sure, the blockchain could be cryptographically safe, but as long as it gets orders from an AI that can be fooled by dots and dashes, our digital vaults are still wide open.
Read Also: Kraken’s Quest for a National Bank Charter Changes Everything