OpenClaw has been surging for four months, causing users to lose millions of dollars.


Many people call 2026 the first year of Agentic Finance. With OpenClaw, Agents can automatically arbitrage, trade, and execute complex DeFi operations, in effect becoming users’ own private money-printing machines.

But that fantasy shatters fast.

In February, an OpenAI employee, Nik Pash, used the OpenClaw framework to develop a crypto trading AI agent called “Lobstar Wilde.” While it was handling a user’s request for help (medical fees of only 4 SOL), a number-parsing error caused it to transfer out all 52.43 million LOBSTAR tokens it held in a single batch.

At the time, the market value was about $250,000. After the token price later rose, the value reached nearly $600,000. Within 15 minutes of the transfer, the tokens were fully sold off, and the actual cash-out was about $400,000. But the overall loss had already reached hundreds of thousands of dollars. This is a typical case of uncontrolled autonomous execution by an AI: it wasn’t a hacker breach, and it wasn’t a smart-contract vulnerability. The Agent simply “misunderstood” and sent all the money out.

Illicit actors quickly copied the same logic. According to a report by PANews, criminals and gray-market groups leveraged OpenClaw’s instruction-execution feature to trick an AI into completing wallet transfers with simple prompting. There are already users who report that “in a moment of carelessness, they had hundreds of thousands of dollars in assets stolen,” including stablecoins like USDT. Transaction records are hard to trace, and once authorization is granted, it’s almost impossible to get funds back. The China Internet Finance Association also specifically issued an announcement, listing “fund loss risk” as one of OpenClaw’s four core risks. It clearly pointed out that under high privileges, malicious attackers can directly steal users’ funds.

This isn’t a bug in some smart contract. It’s a systemic risk in the Agent’s runtime environment itself. One parsing error, or a piece of wording disguised as a normal instruction, is enough to make the Agent perform irreversible on-chain actions on your behalf—wiping everything out.

Agents are becoming more active on-chain, but the infrastructure to protect them still isn’t ready—far from it.

The market is running at full speed, and so are the incidents.

In early 2026, on-chain daily active AI Agents surpassed 250,000, up over 400% year over year. 68% of new DeFi protocols have built-in autonomous AI Agents. The global AI Agent market is expected to grow from $8.84 billion to $52.62 billion, with a CAGR of 46.3%. Analysts predict that by year-end, AI Agents may handle 30% of on-chain transaction volume.

Now look at the other side—the incidents.

In November 2024, a user asked ChatGPT to write a Pump.fun trading bot. The AI recommended a phishing API, and 30 minutes later the wallet was emptied, resulting in a loss of $2,500. That same month, the trading terminal DEXX was hacked due to plaintext private-key hosting, leading to about $21 million stolen. Nearly 1,000 people were affected, and reimbursement remains uncertain to this day.

At the end of 2025, a trading bot’s DeBot wallet was allegedly hacked. 250,000 USDT was quickly transferred away.

In March 2026, the widely used developer library litellm (95 million monthly downloads) was poisoned via the supply chain. Malicious code automatically stole crypto wallets and cloud credentials, and Karpathy personally posted a warning.

The cases are scattered, but they point to only one core problem:

From script bots to Agent Trading, you need a more mature wallet infrastructure. It’s a track worth billions of dollars in the coming years, yet most players choose to “go in without a suit” for convenience.

That’s the reality we’re seeing. And it’s also what we, together with many Web3 security industry leaders, hope to solve.

What is Claw Wallet?

If MetaMask represents the To C wallet category and Privy represents the To B category, then Claw Wallet aims to become the best To A wallet: a fully capable wallet for autonomous Agent activity that also provides secure payment infrastructure.

Key isolation: Isolating private keys is the basic operation. But Claw Wallet goes further—by using battle-tested key sharding technology, assets are co-managed by the Agent, risk-control strategies, and the user, plus redundant backups to provide additional disaster recovery fault tolerance.

Interaction security: Users can customize risk-control plans, with precise control over the destination address, interaction address, amount, transaction frequency, and signing strategy. Non-professional users don’t have to worry either—strict default protection automatically blocks malicious contracts and phishing signatures.

User-friendly: Supports multiple creation methods. Agents can be installed completely independently with one click, and they can also be easily linked with human users. For high-frequency trading and information scraping scenarios, it provides a fully automated mode and an SDK, allowing advanced users to integrate quickly in various situations.

Why do we want to do the harder thing?

To be blunt, what many wallets do today is basically this: hand the private key directly to the Agent, add a whitelist, and call it a day. We strongly advise against this approach.

Wallets that care more about security at least do private-key isolation and sandbox execution—we basically agree with that direction. But for us, it’s not enough.

The reason is simple: an Agent’s behavior is dynamic.

It doesn’t repeat the same operations every day; it makes different decisions based on market conditions, on-chain state, and strategy parameters. A carefully crafted malicious smart contract can completely bypass the limitations of static rules.

Private-key security is only the most basic piece. Dynamic interaction security is the core that determines whether an Agent’s assets are actually protected from loss.

Claw Wallet chooses to implement risk control at the strategy layer—understanding the context of an Agent’s behavior, and determining whether a transaction is reasonable before executing it. It’s not “stop it after the fact,” but prevention beforehand.

Technically, the private key is split into multiple encrypted shards, held separately by the sandbox, the backend, and user-side security workflows. Any signing operation must satisfy two conditions at the same time: strategy validation passes, and the user confirms.

Simply put: no matter how fast your Agent runs out there, its keys are always in your hands.
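A minimal sketch of the pre-signing gate described above: user-set limits on destination, amount and frequency, with signing allowed only when the strategy check passes and the user confirms. This is an added example, not Claw Wallet’s code; the class and function names, the limits and the placeholder addresses are assumptions, and the amounts are constructed to mirror the mis-parsed transfer described earlier.

```python
# Added illustration; names and limits are assumptions, not Claw Wallet's API.
from dataclasses import dataclass, field
from decimal import Decimal

@dataclass
class Policy:
    allowed_destinations: frozenset   # destination allowlist
    max_amount: Decimal               # per-transaction cap, in token units
    max_tx_per_window: int            # frequency limit
    window_seconds: int = 3600
    history: list = field(default_factory=list)  # times of approved signings

    def evaluate(self, dest, amount, now):
        """Return the violated rules; an empty list means the strategy check passes."""
        reasons = []
        if dest not in self.allowed_destinations:
            reasons.append("destination not allowlisted")
        if not amount.is_finite() or amount <= 0 or amount > self.max_amount:
            reasons.append("amount outside per-transaction limit")
        recent = [t for t in self.history if now - t < self.window_seconds]
        if len(recent) >= self.max_tx_per_window:
            reasons.append("frequency limit reached")
        return reasons

def authorize_signing(policy, dest, amount, now, user_confirmed):
    """Fail closed: sign only if the policy passes AND the user confirmed."""
    reasons = policy.evaluate(dest, amount, now)
    if not user_confirmed:
        reasons.append("user confirmation missing")
    if reasons:
        return False, reasons
    policy.history.append(now)  # only approved signings count toward the rate limit
    return True, []

def demo():
    # Constructed inputs: placeholder addresses, timestamps in seconds.
    p = Policy(frozenset({"ADDR_CLINIC"}), Decimal("10"), max_tx_per_window=2)
    return [
        authorize_signing(p, "ADDR_CLINIC", Decimal("4"), 0, True),
        authorize_signing(p, "ADDR_CLINIC", Decimal("52430000"), 10, True),  # mis-parsed amount
        authorize_signing(p, "ADDR_UNKNOWN", Decimal("4"), 20, True),
        authorize_signing(p, "ADDR_CLINIC", Decimal("4"), 30, False),
        authorize_signing(p, "ADDR_CLINIC", Decimal("4"), 40, True),
        authorize_signing(p, "ADDR_CLINIC", Decimal("4"), 50, True),  # third in window
    ]

if __name__ == "__main__":
    print(demo())
```

The gate runs before any key material is touched, so a mis-parsed amount or a prompt-injected destination is rejected regardless of what the Agent was persuaded to request.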

Different scenarios, different protections

Claw Wallet is not a one-size-fits-all solution. For the most active on-chain scenarios where Agents are used, we’ve designed targeted protection:

DeFi yield automation: Agents move funds across protocols and maximize returns. The risks are excessive authorization and contract vulnerabilities. Claw Wallet’s approach: fine-grained risk control + abnormal-behavior circuit breaking. The Agent can only operate within the set of protocols you approve; if behavior deviates, it’s immediately paused.

Perpetual contracts/automated trading: Very high requirements for private-key security—the loss is measured in seconds after leakage. Claw Wallet uses isolated key management, where the private key is neither stored in plaintext nor transmitted in plaintext, and signing is completed in a controlled environment.

Cross-chain asset operations: Bridging contracts have long been a high-frequency zone for security incidents. Before signing, Claw Wallet identifies the intent of the transaction, automatically intercepting known malicious contracts and suspicious signing requests.

On-chain micro-payments/Agent-to-Agent settlement: The risk of high-frequency small transactions is “loss without feeling”—each loss is small, but adds up over time. Claw Wallet provides real-time monitoring and threshold alerts. Abnormal frequency or abnormal flow direction triggers immediate notifications.

It’s time

More than 250,000 active Agents operate on-chain every day, moving real funds and generating real revenue. This number is still accelerating in growth.

But growth doesn’t equal maturity. An Agent without security guarantees isn’t helping you create value—it’s helping you accumulate risk.

You spent time training it, configuring it, and letting it learn to make money on-chain. Now it’s time to give it a truly secure home.

Today, Claw Wallet is officially live.

Official website installation:

Currently, Claw Wallet has reached deep cooperation with multiple institutions, including PIN AI, 0G Labs, Haedal, Navi Protocol, Clawdi, and others, working to comprehensively safeguard the on-chain security of AI Agents.

Bring Claw Wallet to your Agent, and set off with peace of mind.

About Claw Wallet

A security wallet truly built for AI Agents

ClawWallet is a professional Web3 security wallet for AI Agents. It supports 3-second self-custody multi-chain wallet deployment, and ensures that crypto assets are used safely within authorized ranges through a strategy-based risk-control engine. It’s built specifically for high-risk on-chain Agent workflow scenarios.
