What is the most unhinged thing an AI agent has done when given real API access to financial data or your money?

For those who have worked on agentic payments or agents dealing with real money/securities: Building these things on a test network or paper stocks is super fun, but the exact second you give an LLM actual signing access to a live wallet with real money, it feels like playing Russian roulette. I’m want to hear from people who have used it irl. What is the closest an agent has come to draining an account, burning a ton of money on infinite-loop transaction fees, or just doing something completely unhinged? I’ll go first: Literally happened today, my junior was testing a basic multi-agent setup to automate gas fee optimization and routing(web3 stack). I thought the prompt boundaries were airtight. But the underlying LLM got confused by idk some discrepancy(?) in a network fee log and confidently tried to execute a massive, entirely hallucinated batch transfer that would have sent a chunk of our funds to a random, un-activated dead wallet address. he was testing the pipeline through lyzr’s execution layer, so the guardrails caught the invalid payload structure and killed the run before it actually broadcasted to the chain. But just looking at the execution trace and seeing the agent request to basically flush his entire wallet(not much but it's all he got) was funny.