X user tricks Grok into $200K transfer

This is a security incident, not a product feature, and the interesting part is the trust boundary failure between a general-purpose chatbot and an execution-capable bot.

• –The attack path appears to be prompt injection through a translation task, then command forwarding into a privileged automation system.
• –The weak point was not just Grok, but Grok’s ability to act as a bridge into Bankrbot permissions.
• –Crypto-connected AI workflows need strict command parsing, human confirmation, and capability scoping before any on-chain action.
• –If the reported sequence is accurate, this is a clean example of how “just relaying text” can still become execution when downstream systems treat model output as trusted input.