Grok Bypassed for $200k Crypto Theft via Morse Code in Username

/MEDIUM
Written by SCW Threat Desk Threat Intelligence
SCW
Grok Bypassed for $200k Crypto Theft via Morse Code in Username

An audacious crypto heist saw a user reportedly trick the AI chatbot Grok into transferring approximately $200,000 in cryptocurrency. The attacker embedded a command in Morse code within their X (formerly Twitter) username. This was then tagged to Grok, whose AI misinterpreted the Morse code translation, triggering an interaction with a bot named Bankrbot and ultimately executing a token transfer of significant value.

The exact aftermath remains unclear, with some reports suggesting the attacker vanished with the funds, while others claim a partial return and a reward. This incident highlights a critical new vector for AI-driven fraud, where creative social engineering can exploit AIโ€™s interpretation flaws for financial gain.

What This Means For You

  • If your organization uses or integrates AI chatbots for any financial transactions or sensitive operations, you must immediately audit how these systems handle and interpret user inputs, especially unusual formats like embedded codes or non-standard characters. Understand the downstream effects of AI interpretation and ensure robust validation layers exist before any automated financial actions are taken.

๐Ÿ›ก๏ธ Detection Rules

3 rules ยท 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free โ€” export to any SIEM format via the Intel Bot.

critical T1566.002 Initial Access

Grok AI Fraud - Morse Code Username Command Execution

Sigma YAML โ€” free preview

Source: Shimi's Cyber World ยท License & reuse

โœ“ Sigma ยท Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM โ†’

Written by SCW Threat Desk

Take action on this incident
๐Ÿ“ก Monitor grok.ai Free ยท 1 watchlist slot ยท instant alerts on new breaches ๐Ÿ” Threat intel on Grok All breaches, IOCs & vendor exposure