OpenClaw AI Platform Exploited, Bans Crypto

Hacking groups are exploiting misconfigured and outdated instances of the OpenClaw agent platform to steal API keys and deploy malware. In response to ongoing security issues, OpenClaw has now banned all mentions of Bitcoin and cryptocurrency on its Discord channels. This highlights the growing trend of AI and agentic platforms becoming prime targets for cyberattacks.

- The crypto ban was triggered by scammers who hijacked abandoned social media handles during an OpenClaw rebrand, launching a fraudulent Solana-based token called $CLAWD. This token briefly reached a $16 million market capitalization before collapsing over 90% after the project's founder, Peter Steinberger, denied any involvement.
- The platform's security issues extend beyond the crypto scam, with one high-severity vulnerability, CVE-2026-25253 (CVSS 8.8), allowing for one-click remote code execution. This flaw was one of five security advisories issued in less than a week, a series that also included two dangerous command injection vulnerabilities.
- A security audit of over 2,890 OpenClaw "skills"—the plugins that extend its functionality—found that more than 41% contained significant security vulnerabilities. The "ClawHavoc" campaign involved attackers distributing 341 malicious skills through the official marketplace, ClawHub, which delivered malware like the Atomic Stealer.
- The architectural design of OpenClaw contributes to its security risks, as it stores API keys and other credentials in plaintext and has privileged access to the host machine's file system, email, and shell. This broad access, combined with an inability to reliably separate commands from data, makes it highly susceptible to prompt injection attacks.
- The problem of exposed instances is widespread, with security firms identifying between 21,000 and 42,665 OpenClaw instances publicly accessible on the internet, many running without authentication. This exposure is compounded by related data leaks, such as the Moltbook platform incident which exposed 1.5 million agent API tokens and 35,000 user email addresses.
- Threat actors are increasingly using legitimate AI services as command-and-control (C2) channels to evade detection. By relaying communications through trusted AI platforms, malware can blend in with normal enterprise traffic, making it difficult for security tools to flag or block malicious data exchanges.
- The rise of "agentic" AI, which can operate with a high degree of autonomy, is a growing area of interest for cybercriminals and nation-state actors. These groups are exploring how to use autonomous agents to automate spear-phishing, develop sophisticated malware, and conduct disruptive campaigns.
