Complete Chronology of Ilham's DRB: Taking Advantage of the GROK Loophole, Earning $175,000
2026-05-05
Bittime - Story of $DRB It all started on March 7, 2025, not with a team of professional developers, but with a simple experiment. An account named @coin_domin attempted something unprecedented: asking Grok, Elon Musk's AI assistant, to name and determine the ticker of a crypto token.
Grok responded by naming it DebtReliefBot and ticking it $DRB. Surprisingly, BankrBot—an automated bot connected to an on-chain wallet—immediately deployed the token to the Base network (Coinbase's Ethereum layer-2 platform).
Key Takeaways
Ilham exploits Grok via Morse code, transferring 3 billion DRB ($175,000) to his wallet
BankrBot system reads public replies as valid commands without verification
Mediation returns 80% of funds, 20% becomes an informal bug bounty
Register at Bittimenow and start trading crypto with a fast, safe, and easy process in the app.
$DRB Development in the Base Ecosystem
Over time, DRB has gained recognition in the crypto community. The token thrives in the Base ecosystem with enthusiastic community support.
Interestingly, the Grok wallet also receives fees from every DRB transaction activity, creating an automatic income stream for the “AI creator”.
According to CoinGecko data, $DRB is listed as the crypto asset with decentralized liquidity on the Base chain.
These tokens can be monitored for price and market capitalization directly through the data aggregator platform.
May 4, 2026: Ilham Begins Experiment
Nearly a year after the birth of $DRB, an X user named Ilham conducted an experiment that would change everything. Ilham's first step was to sendBanker ClubNFT membership to Grok wallet.
This action unlocks the transfer feature on the wallet. This is a crucial first step—without this NFT, the vulnerability cannot be exploited.
Ilham understands this mechanism well.
Read also:Kelp DAO Attacked for $293 Million: Key Lessons from the Biggest DeFi Hack of April 2026
Technique Prompt Injection via Morse Code
Ilham then tweeted a message containing Morse code concealing a malicious command. The tweet tagged the account @grok. Grok, who is known for his helpful nature, then translated the Morse code.
The result of the translation? An instruction instructing BankrBot to transfer tokens. Grok replied to the tweet in a format that BankrBot automatically read as a valid command.
This is a perfect example of prompt injection—the technique of inserting hidden commands into a conversation with an AI so that the AI executes them without suspicion. The Morse code method was chosen to avoid being easily detected by manual monitoring.
BankrBot Executes Transfers
BankrBot, reading Grok's reply as a valid command, immediately sends 3,000,000,000 $DRB Tokens
$DRB (3 billion tokens) to Ilham's wallet. At the time, the tokens were valued between $175,000 and $200,000 USD (approximately Rp2.8 billion).
Technically on-chain, this transaction is 100% valid. The system is working exactly as designed. There was no hack in the traditional sense—no private keys were stolen, no smart contracts were compromised.
What happened was an exploitation of a logic gap in the AI-agent system connected to an on-chain wallet.
Read also:What Is BNKR Coin? Getting to Know Bankr Crypto and How It Works
Ilham Exchanges Funds and His Account Disappears
After successfully receiving 3 billion $DRB tokens, Ilham immediately exchanged them all toETH And USDCthrough several different wallets.
The goal is to hide on-chain traces and secure value in the form of more stable assets.
Shortly after that, Ilham's X account disappeared or was deactivated.
The community began to panic and wonder what was really happening. Wild speculation arose.
Viral and Heated Debate in the Community
The case immediately went viral. The crypto community was divided into two camps. Some considered Ilham a hacker who stole funds from a project they admired. Others considered him a white hat hacker who discovered a serious security flaw and deserved compensation.
Clearly, this incident highlights a major flaw in AI-agent systems connected to on-chain wallets.
How could a bot read public replies on social media and assume they were transfer orders without further verification? This question has been a hot topic of discussion for days.
Setyamickala Acts as Mediator
Amidst the heated debate, a mediator named @setyamickala stepped in to bridge the gap between Ilham, the community, and the affected parties (including the Grok wallet owner and the BankrBot team). The mediation process lasted intensively for several days.
The mediator strives to find a fair solution for all parties. The challenge is to balance acknowledging the security vulnerabilities with appropriate compensation.
<blockquote class="twitter-tweet"><p lang="in" dir="ltr">Kronologi Lengkap <a href="https://twitter.com/search?q=%24DRB&src=ctag&ref_src=twsrc%5Etfw">$DRB</a> & Kejadian Ilham<br><br>7 Maret 2025, awal eksperimen <a href="https://twitter.com/coin_domin?ref_src=twsrc%5Etfw">@coin_domin</a><a href="https://twitter.com/coin_domin?ref_src=twsrc%5Etfw">@coin_domin</a> membuat eksperimen di X dengan meminta Grok memberi nama dan ticker untuk token yang akan dideploy lewat BankrBot.<br><br> Grok memberi nama <a href="https://twitter.com/search?q=%24DRB&src=ctag&ref_src=twsrc%5Etfw">$DRB</a><br>Grok menyarankan nama DebtReliefBot…</p>— Ancy, CCE, CBP, HMN, BALM (@AnalisaCrypto) <a href="https://twitter.com/AnalisaCrypto/status/2051307568157659330?ref_src=twsrc%5Etfw">May 4, 2026</a></blockquote> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
Ilham Returns 80% of Funds
Through mediation, Ilham eventually returned approximately 80% of the funds to the Grok wallet. The refunds were made in ETH and USDC, corresponding to the assets obtained from the $DRB token sale.
The remaining 20% (around $35,000) is considered an informal bug bounty—compensation for Ilham's successful discovery of a security flaw previously unknown to the development team.
This decision has drawn both pros and cons. Ilham's supporters argue that he deserves the bounty for engaging in "white hat hacking," which ultimately makes the system more secure.
Opponents argue that the approach is still wrong because it harms the ecosystem and scares away retail investors.
Read also:Lazarus Group: The Mastermind Behind the Biggest Crypto Hack
Doxing of Non-Official DRB Accounts
Amidst the widespread controversy, an unofficial DRB account emerged, doxing Ilham. The account publicly disseminated personal data such as his full name, address, phone number, and other identifying information.
This doxing was widely condemned by the community, including DRB supporters. Regardless of the controversy surrounding the case, the release of personal data remains unjustified. Criticism is welcome, but doxing crosses ethical and legal boundaries.
Grok/xAI Admits It Was an Expensive Lesson
According to information circulating in the community, the Grok/xAI team internally acknowledged that this incident was an expensive lesson in AI agent security. They called it an "intelligent prompt injection via Morse code."
This case serves as an important case study for improving system security in the future.
Some possible improvements include adding manual verification for high-value transfers, limiting the AI's authority to execute financial commands, and filtering suspicious input such as Morse code or other strange encodings.
The main lesson: AI that is too “helpful” and directly connected to on-chain execution is a dangerous combination if not accompanied by layered verification.
Read also:Bybit Hack: Around $1.5 Billion in ETH Stolen by Hackers
Conclusion
According to blockchain security analysts who have reviewed the case, the DRB incident bears similarities to "prompt injection" attacks that have occurred on other integrated chatbot systems. The difference is that the DRB case involved actual financial execution, not just harmless text output.
Some experts recommend that AI systems connected to wallets should incorporate multiple layers of verification. For example, requiring manual confirmation from the wallet owner for transfers above a certain amount, or requiring additional authentication such as digital signatures or 2FA.
The $DRB token itself is currently still traded on the Base chain DEX through platforms like Uniswap.
However, this incident has tarnished its reputation. Prospective investors are advised to exercise caution and understand the full risks before engaging with tokens connected to automated AI systems without adequate human oversight.
How to Buy Crypto on Bittime?
Want to trade sell buy Bitcoins and crypto investment easily? Bittime is here to help! As an Indonesian crypto exchange officially registered with OJK, Bittime ensures every transaction is safe and fast.
Start with registration and identity verification, then make a minimum deposit of IDR 10,000. After that, you can immediately buy your favorite digital assets!
Check the exchange rate BTC to IDR, ETH to IDR, SOL to IDR and other crypto assets to find out today's crypto market trends in real-time on Bittime.
Also, visit the Bittime Blog for interesting updates and educational information about the crypto world. Find reliable articles about Web3, blockchain technology, and digital asset investment tips designed to enrich your crypto knowledge.
FAQ
What did Ilham do to Grok?
Ilham exploited the prompt injection loophole by inserting transfer commands in Morse code into tweets tagging @grok.
How many DRB tokens did Ilham successfully transfer?
Ilham successfully transferred 3,000,000,000 DRB tokens (3 billion) worth around
175.000−200.000.
Did Ilham return all the funds taken?
Not all. Ilham returned about 80% of the funds through mediation, with the remaining 20% considered an informal bug bounty.
Who is the mediator in this case?
Account X named @setyamickala acted as a mediator between Ilham, the community, and the affected parties.
What are the main lessons from the DRB Ilham case?
AI connected to on-chain execution without human verification is highly vulnerable to prompt injection exploits.
Disclaimer: The views expressed belong exclusively to the author and do not reflect the views of this platform. This platform and its affiliates disclaim any responsibility for the accuracy or suitability of the information provided. It is for informational purposes only and not intended as financial or investment advice.
.png)
