Solana Protocol OpenClaw Exploited for $16M
Solana DeFi protocol OpenClaw suffered a $16 million exploit that nearly destroyed a related viral AI project. Attackers reportedly took advantage of a vulnerability linked to a rebranding and liquidity event. In a separate development, OpenAI acquired the OpenClaw AI gateway project, which has since spurred developers to build open-source tools for automated lead generation.
- The $16 million figure refers not to a direct theft from the protocol, but to the peak market capitalization of a fraudulent Solana-based token called CLAWD. Scammers created this token after hijacking the project's former social media handles during a rapid rebranding effort. The token's value plummeted by over 90% after the project's founder, Peter Steinberger, publicly denied any affiliation.
- A critical vulnerability, identified as CVE-2026-25253 with a high CVSS score of 8.8, allowed for one-click remote code execution. This flaw enabled an attacker to take full control of a user's AI assistant and the underlying system simply by having the user click a malicious link. The vulnerability was addressed in a patch released on January 30, 2026.
- The project's rebranding was chaotic, changing from "Clawdbot" to "Moltbot" and finally to "OpenClaw" due to trademark pressure from AI company Anthropic. This confusion was exploited by attackers who quickly registered old handles and created typosquatted domains to deceive users.
- In the weeks following the exploit, security firms identified a massive increase in publicly accessible OpenClaw instances, with one firm reporting a jump from around 1,000 to over 21,000 in a single week. Many of these were misconfigured, exposing sensitive data like API keys and plaintext credentials.
- OpenAI's acquisition of the OpenClaw AI gateway involved hiring its creator, Peter Steinberger, to lead a new personal agents division, a move made after a competitive bidding situation with Meta. The agreement stipulates that OpenClaw will continue as an open-source project under a new foundation funded by OpenAI.
- Researchers discovered that roughly 12% of the skills on OpenClaw's public marketplace, ClawHub, were malicious. These add-ons, with seemingly harmless names, were designed to install malware like keyloggers and information stealers on users' systems.
- To distance the project from the token scam and prevent future abuse, the official OpenClaw Discord server instituted a strict ban on all mentions of cryptocurrency, which includes even neutral technical discussions.