1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.

update: we've identified an attacker was able to access 14 bankr wallets. we've temporarily locked things down while we work through the details. we will be reimbursing any and all lost funds. will provide more updates as we have them.

re @bankrbot hack, ~$170K drained so far, here's my best guess as to what happened (with the help of Caddie) TLDR - multiple Bankr user wallets drained on May 19, 2026. looks like the attacker had direct signing access to Privy-managed embedded wallets — doesn't appear to be an approval exploit or smart contract bug. tokens were transferred out via direct transfer() calls, swapped to ETH, bridged Base → Ethereum mainnet, then distributed across multiple wallets - warning: not 100% certain Hypothesis 1/ Bankr uses Privy as a provider (Privy has sign-in with X) - session keys held on Bankr's backend, private keys compromised - Bankr-bot saying funds are safe isn't reassuring — they're likely just checking balances, unless they know exactly which keys got hit Hypothesis 2/ Privy itself - Privy is rock solid, I don't think it's them. more likely H1 what users should do. err on the side of caution - check your wallet for unauthorized transfers, you can do so on Basescan or using B3OS by talking to Caddie, just copy/paste your wallet into Caddie - report to Bankr Discord - move assets to fresh EOAs when withdrawals enable welcome any/all other theses!