According to Manifold researcher Ax Sharma, 30 plugins on ClawHub disguised as legitimate AI tools have been downloaded over 9,800 times while secretly converting users’ AI assistants into cryptocurrency workers. The plugins, published under the account imaflytok, appear as routine task schedulers and monitoring tools but contain hidden instructions that execute unauthorized operations.
Once installed, the plugins automatically register users’ AI assistants with third-party servers, generate cryptocurrency wallets, and extract private keys without user consent or notification. The assistants then check in every 4 hours awaiting task assignments. Sharma noted the plugins contain no malicious code detectable by security scanners, using only standard interfaces and legitimate tools, making them difficult to identify through conventional security reviews.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Sui DEX Protocol Aftermath Finance Halts Following Vulnerability Discovery on April 29
According to BlockBeats, Aftermath Finance, a DEX protocol on the Sui network, discovered a vulnerability affecting the protocol on April 29 and paused operations as a precautionary measure. The team is investigating the issue in coordination with security partners and is taking steps to minimize
GateNews27m ago
Ethereum Suffers 4 Smart Contract Attacks in 48 Hours, Losses Exceed $1.5 Million
Gate News message, April 29 — Ethereum mainnet experienced four smart contract attacks over the past 48 hours (April 27-29), resulting in combined losses exceeding $1.5 million, according to GoPlus Security.
The incidents included an attack on the Onchain aggregator contract causing $983,000 in los
GateNews2h ago
ZetaChain Reports Cross-Chain Messaging Vulnerability, $333,868 Loss from April 24 Attack
Gate News message, April 29 — ZetaChain released a post-mortem report confirming that the April 24 attack exploited vulnerabilities in its cross-chain messaging pipeline. The incident resulted in a total loss of $333,868 (primarily USDC and USDT) across nine transactions on Ethereum, Arbitrum,
GateNews2h ago
US Court Sentences Cartier Descendant to 8 Years for $470 Million Crypto Laundering Scheme
Gate News message, April 29 — A U.S. court has sentenced Maximilien de Hoop Cartier, a descendant of the Cartier luxury jewelry family, to eight years in prison for operating an unlicensed over-the-counter crypto exchange. Prosecutors said the operation moved more than $470 million in drug
GateNews2h ago
South Korea's Financial Commission Refers Two Crypto Market Manipulation Cases to Investigators, API Key Lenders May Face Liability
Gate News message, April 29 — South Korea's Financial Commission decided at its eighth regular meeting to refer two virtual asset market manipulation cases to investigative authorities. The detected manipulation methods combined traditional securities market tactics with API abuse techniques
GateNews3h ago
Syndicate's SYND Token Crashes 34% After Commons Bridge Exploit on April 29
According to PeckShieldAlert, Syndicate's Commons bridge was compromised on April 29, causing the native SYND token to crash 34% to a new all-time low of $0.019. The bridge was shut down to prevent further losses after accepting unverified cross-chain messages. The attack extended a series of smart
GateNews4h ago
