Bankr said in an official X post published on May 19, 2026 that an attacker had accessed 14 Bankr wallets and that the platform had “temporarily locked things down” while it investigated. The post also said Bankr would reimburse “any and all lost funds.” The visible references are Bankr’s official X post, SlowMist’s Hacked incident page and PANews’ May 20 report.
Bankr locks transactions after 14 wallets are accessed
Bankr’s confirmed update is limited to the wallet-access incident, the temporary lockdown and the reimbursement pledge. Bankr had disabled swaps, transfers and token deployments while investigating reports of compromised wallets, and that the pause was made “out of caution.” Bankr later identified an attacker who accessed 14 wallets and told users it would reimburse lost funds.
update: we've identified an attacker was able to access 14 bankr wallets.
we've temporarily locked things down while we work through the details. we will be reimbursing any and all lost funds.
will provide more updates as we have them. https://t.co/gVMLexiglT
— Bankr (@bankrbot) May 19, 2026
SlowMist’s Hacked database lists the Bankr incident under May 19, 2026, and says an attacker accessed 14 Bankr-managed user wallets. According to SlowMist, the attacker executed unauthorized transfers, mainly direct transfer() calls followed by swaps to ETH and bridging. SlowMist estimates losses at about $170,000 in ETH and BNKR tokens, a figure that remains provisional until Bankr publishes a final incident report or reconciled loss total.
PANews reported on May 20, 2026, that Bankr had announced on X that attackers breached 14 Bankr wallets, that the relevant systems were temporarily locked, and that all lost funds would be compensated. The compensation commitment is visible in Bankr’s own X post text and is also reported by PANews. However, SlowMist’s statement that reimbursement would come from treasury reserves of more than $3 million should be attributed to SlowMist unless Bankr separately confirms that treasury source.
Investigation status and operational risk
The confirmed status is narrow: Bankr has acknowledged attacker access to 14 wallets, temporarily locked relevant functions and pledged reimbursement. SlowMist adds an external security-tracker estimate of about $170,000 in losses and classifies the attack method as social engineering. Bankr has not yet published a full post-mortem identifying the final exploit path, affected addresses, reimbursement process or control failures.
Interpretation of the incident requires caution. The available material supports a risk discussion around wallet permissions, automated transaction systems and AI-agent authorization flows, but it does not yet establish a complete technical root cause. SlowMist founder Yu Xian described the exploit as a social-engineering attack targeting the trust layer between automated agents, possibly involving Grok and Bankrbot interaction. That remains a researcher interpretation, not a final Bankr forensic conclusion.
Bankr advised users not to sign transactions until further notice, to stop using compromised wallets, create new wallets and seed phrases on clean devices, move remaining assets and revoke approvals where assets could not be moved. Those steps address exposure from wallet permissions while Bankr’s investigation remains open.
The current factual position is therefore limited: Bankr’s official post confirms the 14-wallet breach, lockdown and reimbursement pledge. SlowMist provides the provisional $170,000 loss estimate and attack classification, while PANews independently reports Bankr’s compensation statement. Broader conclusions about AI-agent security, custody architecture or platform-level resilience should wait for Bankr’s final incident report.