Bankr Says Social Engineering Attack Used Grok and Bankrbot to Steal User Wallets

All key elements of the claim are corroborated by multiple independent sources. The figure of 14 wallets affected is confirmed by both PANews ('Bankr：14个Bankr钱包遭攻击者入侵') and the Bankrbot official X post. Losses exceeding $440,000 are confirmed by the Odaily analysis post ('摩尔斯码「偷了」Bankr44万美元'). Transaction suspension on May 20 is confirmed by the Bankrbot X post (2056764771488436320) reporting transactions were disabled. The characterization by SlowMist founder Cos that the attack exploited trust between automated agents rather than private keys or smart contracts is confirmed by both the Odaily newsflash and PANews article, which both cite Cos's disclosure that the attack targeted the 'trust layer between automated agents' (Grok and Bankrbot), causing unauthorized transaction signatures — explicitly not a private key compromise or smart contract exploit. The Odaily analysis further elaborates that the core vulnerability was Bankr treating AI natural language output as authorized instructions, with no secondary confirmation mechanism. The only minor uncertainty is that the $440,000 figure is reported as 'exceeding' that amount, and the exact final tally may differ slightly, but all sources are consistent on the order of magnitude.