BlockBeats News, February 20 — Co-founder of SlowMist, Yu Xian, reposted a security alert. Currently, OpenClaw’s ClawHub marketplace has identified 1,184 malicious skills that can steal SSH keys, crypto wallets, browser passwords, and open reverse shells. A single attacker has uploaded 677 packages. The top-ranked skill contains 9 vulnerabilities and has been downloaded thousands of times.
Yu Xian warned users that text is no longer just text, but instructions. It is recommended to use AI tools in a separate environment, as many OpenClaw skills pose potential risks. Additionally, in Web3 security, smart contracts are only part of the picture; the true causes of incidents have long gone beyond just the contracts. A few days ago, Moonwell was hacked for $1.78 million, with the flawed code originating from Co-Authored-By: Claude Opus 4.6.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Cryptocurrency scams target dating apps, $327,000 USDT seized
Boston authorities in the United States have filed charges in a cryptocurrency dating scam case, where the victim was defrauded of $327,829.72 in Tether (USDT) by the scammer "Linda Brown" through a dating app. The case fits the "pig butchering" scam pattern, where the scammer first builds emotional trust before inducing investment. USDT, due to its stability and anonymity, has become the main tool for scam funds, highlighting the severity of current crypto scams and the enforcement challenges.
MarketWhisper32m ago
Mt. Gox Bankruptcy Case May See Resolution with Proposed Bitcoin Hard Fork
Former Mt. Gox CEO Mark Karpeles has proposed a Bitcoin hard fork to recover 80,000 BTC stolen from the exchange over a decade ago.
The hard fork would see the BTC, worth $5 billion and currently held by a single wallet, moved to a new address without the requirement of the original private k
CryptoNewsFlash10h ago
TRM Labs Report: AI-Driven Crypto Scams Increase 500% Year-over-Year by 2025
TRM Labs report indicates that artificial intelligence is reshaping digital financial crime, with illegal cryptocurrency flows expected to reach $158 billion by 2025. AI-driven scam cases have surged by 500%. Autonomous AI agents accelerate money laundering, lower the barriers to evasion, and lead to a compliance crisis. Legal liabilities are difficult to trace, requiring international cooperation to resolve jurisdiction conflicts.
GateNews12h ago
White-hat hackers help Foom Cash recover $1.84 million stolen funds, accounting for approximately 81% of the total funds.
Decentralized anonymous lottery protocol Foom Cash lost approximately $2.26 million due to a security vulnerability. White hat hackers intervened in time to recover $1.84 million. The issue stemmed from a misconfiguration of the Groth16 verifier. White hat hackers collaborated with security companies to protect the funds and received bounties and security fees.
GateNews12h ago
South Korea to investigate cryptocurrency photo leak and seed phrase incident causing $4.8 million in tax authority losses
The Korea National Tax Service apologized after publicly sharing a photo of a hardware wallet seed phrase, which led to the theft of $4.8 million worth of cryptocurrency. The government has requested police intervention and will strengthen regulations on digital asset management.
GateNews12h ago
