Exploits and Hacks Plague Emerging AI Crypto Projects

- The OpenClaw project underwent multiple name changes in a short period, starting as "Clawdbot" before a trademark complaint from AI company Anthropic prompted a switch to "Moltbot," and finally "OpenClaw." This rapid rebranding created a window of opportunity for scammers. - Scammers took control of the abandoned "Clawdbot" X (formerly Twitter) and GitHub handles moments after they were released. They used these official-looking accounts to promote the fraudulent Solana-based $CLAWD token to the project's large and engaged follower base. - The fake $CLAWD token was part of a pump-and-dump scheme, where its market capitalization was artificially inflated to $16 million before the creators sold off their holdings, causing the price to crash by over 90%. - In response to the incident and subsequent harassment of the project's creator, Peter Steinberger, a complete ban on cryptocurrency-related keywords, including "Bitcoin," was implemented on the official OpenClaw Discord server. - This type of exploit, combining AI project hype with pump-and-dump tactics, is becoming a recurring playbook. Scammers often use tactics like purchasing fake GitHub stars to manufacture viral attention for a project before launching an associated token. - Other attack vectors targeting the OpenClaw community included malicious npm packages with typos in their names designed to steal API keys and other sensitive data. - A separate incident on Solana involved an AI trading bot accidentally sending its entire $250,000 holdings of the LOBS meme coin to a user who was begging for a small amount of SOL, highlighting the risks of smart contract vulnerabilities in AI agents. - Security researchers have noted a rise in AI-generated malicious software targeting the crypto community, such as an npm package on Solana that concealed a wallet drainer and was downloaded over 1,500 times.