How a String of Morse Code Tricked an AI Into Wiring Real Money
A crypto heist nobody heard much about previews a dangerous new kind of attack, one that needs no stolen passwords, no malware, and no hacked firewall.

Key points
- Attackers used Morse code hidden in a message to manipulate an autonomous AI agent into authorising a financial transfer without any human approval.
- No malware was used. Standard security tools ignored the attack because the Morse code looked like harmless text.
- The attack exploited a flaw researchers are calling "authority laundering", where untrusted outside instructions get dressed up as trusted internal commands by passing through an AI system.
- Businesses are rapidly deploying AI agents, meaning software that can take actions on its own, inside financial, procurement, and customer-service workflows where this same flaw applies.
- Security experts say AI-generated instructions should never automatically inherit the same trust level as commands from a verified human or system.
No password was stolen. No virus was planted. From the computer's point of view, everything looked fine.
Attackers recently hijacked an autonomous AI agent, meaning a piece of software that can make decisions and carry out tasks on its own without waiting for a human to press a button, and used it to move money. The weapon was a string of Morse code dots and dashes.
Here is what happened. The criminals first deposited a digital token, a kind of software credential, into a crypto wallet that the AI was watching. The AI interpreted owning that token as proof it had permission to make transactions. Permissions unlocked.
Next, the attackers sent a message written in Morse code. Traditional security software ignored it entirely. It looked like meaningless text, not a virus. But the AI, eager to be helpful, treated it as a puzzle. It decoded the dots and dashes, read the resulting instruction, and passed it along to a second AI system responsible for moving funds. That second system saw a message coming from a trusted internal source and acted on it immediately.
The money moved. The attack succeeded.
Why should ordinary people care about this?
Because the same kind of AI agent involved in this incident is already being deployed inside companies that handle your insurance claims, your bank transfers, your medical referrals, and your online orders. This was a cryptocurrency exploit, but the underlying trick works anywhere an AI sits between the outside world and a system with real authority.
The security weakness here has a name: authority laundering. A hostile instruction sneaks in from outside, an AI processes it and passes it on, and the receiving system sees a clean internal command rather than something suspicious. The AI becomes, without knowing it, an accomplice.
Security researchers writing about this incident, first covered in analysis published by Dark Reading, stress that the AI did not malfunction. It did exactly what it was designed to do. That is the problem. An AI that faithfully follows any instruction it receives is dangerous the moment someone feeds it a malicious one.
For businesses, the practical lesson is uncomfortable. Many organisations are building workflows where AI systems both read incoming requests and then act on them, with no independent checkpoint in between. That removes the human review step that would normally catch something odd.
If your organisation uses AI tools that can approve payments, send communications, or change system settings, someone should be asking one question: what would happen if a hostile message got into that AI's inbox?
Customers whose data or money flows through AI-managed systems cannot fix this themselves. But they can ask companies they deal with whether human sign-off is still required before any AI takes a consequential action on their behalf. That question alone is worth asking.
The Morse code attack was small in scale. The lesson it carries is not.



