BlockBeats News, February 20 — Co-founder of SlowMist, Yu Xian, reposted a security alert. Currently, OpenClaw’s ClawHub marketplace has identified 1,184 malicious skills that can steal SSH keys, crypto wallets, browser passwords, and open reverse shells. A single attacker has uploaded 677 packages. The top-ranked skill contains 9 vulnerabilities and has been downloaded thousands of times.
Yu Xian warned users that text is no longer just text, but instructions. It is recommended to use AI tools in a separate environment, as many OpenClaw skills pose potential risks. Additionally, in Web3 security, smart contracts are only part of the picture; the true causes of incidents have long gone beyond just the contracts. A few days ago, Moonwell was hacked for $1.78 million, with the flawed code originating from Co-Authored-By: Claude Opus 4.6.