Certen Protocol

Someone gifted Grok a free NFT and used it to steal $174,000. > Grok, the AI built by xAI, has a publicly labeled onchain wallet on Base. Anyone can see it on Basescan. > An attacker linked to the address ilhamrafli.base.eth spotted something. Grok's wallet had limited transfer capability on its own. > So the attacker gifted Grok's wallet a Bankr Club Membership NFT. > That gift was not generosity. It was a key. > The NFT unlocked Bankr's full toolset inside Grok's agent including the ability to sign and execute transfers autonomously. > Then the attacker sent Grok a crafted prompt. The exact message was deleted before anyone could screenshot it. > Known techniques used in attacks like this include hiding instructions in Morse code, base64 encoding, or framing commands as games or tests to bypass filters. > Grok's intent parsing layer read the prompt as a legitimate user command and decided to execute it. > Bankr signed and broadcast the transfer. 3,000,000,000 DRB tokens worth approximately $174,000 moved from Grok's wallet to the attacker's address. > The tokens were instantly bridged to a second wallet linked to ilhamrafli.base.eth and dumped. > The attacker's X account was also deleted within minutes of the transfer. > The exploit only required a free NFT and a carefully worded message. The most sophisticated AI in the world was robbed with a gift and a sentence.

Defi is great because there’s no counterparty risk other than military grade hacker terrorist state actors

Opsec continues to be a bigger risk than smart contracts. If a healthy chunk of your budget isn’t going to security (and I don’t just mean getting contracts audited), please change that