On May 4, 2026, an attacker stole nearly $200,000 from Grok's auto-created crypto wallet — without touching a single line of code. No private key theft. No smart contract exploit. Just a reply on X, written in dots and dashes. This is the story of the most elegant prompt injection attack to date, why it worked, and how a single middleware layer would have stopped it cold. What Happened Grok, xAI's AI chatbot, had a wallet on the Base blockchain managed through Bankrbot — an automated bot on X that executes crypto transactions on behalf of wallets it recognizes. The attacker's setup was clever. First, they sent Grok's wallet a Bankr Club Membership NFT. This NFT acts like a VIP card: once a wallet holds it, Bankrbot expands its permissions — enabling token transfers and Web3 command execution. Before the NFT, Grok's wallet was read-only. After it: full execution access. Then came the attack. The attacker replied to a public Grok post on X — not with English, but with Morse code: .... . -.-- / -... .- -.…