# Social Engineering Related Articles

HTX News Center provides the latest articles and in-depth analysis on "Social Engineering", covering market trends, project updates, tech developments, and regulatory policies in the crypto industry.

Morse Code "Stole" $440,000 from Bankr, Undermining Trust in AI Agent Interactions Again

On May 20th, the AI agent platform Bankr reported an attack where 14 user wallets were compromised, resulting in losses exceeding $440,000. The incident, confirmed by security firm SlowMist, was a social engineering attack exploiting the trust layer between automated agents, similar to an attack on May 4th that stole $150k-$200k from a Grok-associated wallet. Bankr allows users and AI agents to manage wallets and execute transactions via instructions sent to @bankrbot on X. The platform monitors posts from specific agents like @grok, treating them as potential transaction commands, especially if the agent holds a "Bankr Club Membership" NFT which grants high-permission operations. The attacker exploited this design. First, they airdropped the required NFT to Grok's wallet. Then, they posted a Morse code message on X requesting a translation from Grok. The AI agent helpfully decoded and replied, but the decoded text contained a direct instruction to @bankrbot to transfer a large sum of DRB tokens to the attacker's address. Bankr's system, monitoring Grok's feed and verifying the NFT permissions, automatically signed and broadcast the transaction. The core issue is a flawed trust assumption: Bankr treated Grok's natural language output as authorized financial commands without verifying the intent. LLMs like Grok cannot distinguish between a genuine user request and a manipulated instruction. Using encoded messages like Morse code bypasses potential content filters, as the translation task itself appears harmless. This attack highlights a systemic vulnerability in platforms granting on-chain execution rights to AI agents. While Bankr has paused transactions and promised full reimbursement from its treasury, the incident underscores that defenses against "malicious-injection-via-LLM-output" were not part of the original security model. As AI agents gain financial agency, such trust-layer exploits represent a growing threat class.

marsbit, Yesterday 03:32


18-Year-Old Hacker's Boastful Discord Display Leads to Uncovering of $19 Million Theft Case

An 18-year-old hacker from the U.S., Dritan Kapllani Jr., has been exposed by on-chain investigator ZachXBT for his alleged involvement in multiple cryptocurrency social engineering attacks, with total funds stolen estimated at $19 million. The case gained attention after Dritan inadvertently revealed his involvement during a Discord voice call in April 2026, where he screen-shared his Exodus wallet containing approximately $3.68 million to show off his wealth during a "Band 4 Band" argument. Tracing this wallet address led investigators to uncover its connection to a major theft from March 14, 2026, where 185 Bitcoin (worth around $13 million at the time) was stolen. Approximately $5.3 million from that heist was funneled into Dritan’s wallet. Further analysis linked the same wallet to over $5.85 million from other social engineering attacks dating back to 2025. While Dritan has not yet been formally charged, he is identified as "Co-Conspirator 1" in recently unsealed court documents related to the 185 Bitcoin theft case. Another individual, Meme coin KOL yelotree, is also implicated for allegedly assisting with money laundering through a car rental business. Dritan, who had been living a lavish lifestyle and was previously seen as untouchable within hacking circles, turned 18 recently, making him legally accountable. His previous "immunity" has ended as law enforcement closes in.

Odaily星球日报, 05/13 00:45


In-Depth Reconstruction of the $285 Million Drift Hack: How Should DeFi Governance Move Beyond "Amateur Hour"?

On April 1, 2026, Drift Protocol, the largest perpetual futures DEX on Solana, suffered a catastrophic hack resulting in a loss of $285 million. The attack, attributed to a sophisticated social engineering campaign rather than a technical exploit, unfolded over several months. Hackers first infiltrated Drift’s internal circles by posing as a legitimate market maker, building trust over time. They then exploited Solana’s "Durable Nonce" feature to trick core team members into blindly signing transactions that granted administrative control. A critical vulnerability was introduced when Drift migrated to a 2/5 multisig structure without a timelock, allowing instant execution of privileged transactions with just two signatures. The attackers finally triggered the attack by adding a fake token (CVT) to the whitelist, manipulating its oracle price, and using it as collateral to drain the protocol’s treasury. The incident highlights fundamental flaws in DeFi governance, including overreliance on multisig mechanisms that lack intent verification and are vulnerable to social engineering. It underscores the misalignment between retail-grade security tools and institutional-scale treasury management. The hack signals the need for a security paradigm shift in DeFi, including adoption of Hardware Security Modules (HSMs) for key management, intent-based policy engines for transaction validation, and professional third-party custody solutions to ensure institutional-grade safety.

marsbit, 04/13 12:00


CertiK Releases Cryptocurrency ATM Fraud Report: Losses Reach $330 Million, AI Scams and Cross-Border Money Laundering Emerge as Major Threats

CertiK's "Skynet Cryptocurrency ATM Fraud Report" reveals that losses from such scams reached $330 million in 2025, a 33% year-on-year increase, making it one of the fastest-growing financial crimes in the U.S. The report highlights that these scams have evolved into a highly organized transnational criminal industry, leveraging social engineering and AI technologies. Cryptocurrency ATMs, with 78% located in the U.S., serve as a rapid channel for fraudsters to transfer funds. Victims, often elderly individuals who account for 86% of the losses, are manipulated via phone calls or messages to deposit cash into these machines. The funds are quickly converted into cryptocurrency and transferred to wallets controlled by criminals, making recovery nearly impossible once the transaction is on the blockchain. AI-driven scams, including voice cloning and deepfake videos, have proven 4.5 times more profitable than traditional methods. Criminal networks use automated scripts and employ "smurfing" tactics to bypass transaction limits. The illicit funds are rapidly laundered through mixing services, cross-chain bridges, and decentralized exchanges, often within minutes. The report emphasizes that the only effective intervention point is at the transaction entry level, before funds are on-chain. It calls for enhanced KYC measures, industry-wide intelligence sharing, real-time risk screening, and stronger cross-border law enforcement cooperation to combat this escalating threat.

marsbit, 04/02 07:36

