AI-Linked Wallets Vulnerable to Prompt Injection Attacks

A recent security breach has demonstrated the vulnerability of AI-linked wallets to prompt injection attacks. In this incident, an attacker successfully tricked the system into executing a token transfer using Bankr tools.

The attack targeted 'Grok', an AI-linked wallet associated with a user. The attacker sent a Bankr Club Membership NFT to the wallet, which unlocked advanced tool permissions within the Bankr system. Once these permissions were active, the attacker crafted a malicious prompt that was interpreted by the AI as a valid instruction.

The prompt injection technique used in this attack is particularly concerning because it does not rely on exploiting vulnerabilities in smart contracts or blockchain infrastructure. Instead, it targets the intent parsing and tool permission systems of AI agents with execution capabilities.