Security Reminder: A total of 1,184 malicious skills have been identified on the ClawHub marketplace, potentially stealing SSH keys, crypto wallets, and more.


BlockBeats News, February 20 — Co-founder of SlowMist, Yu Xian, reposted a security alert. Currently, OpenClaw’s ClawHub marketplace has identified 1,184 malicious skills that can steal SSH keys, crypto wallets, browser passwords, and open reverse shells. A single attacker has uploaded 677 packages. The top-ranked skill contains 9 vulnerabilities and has been downloaded thousands of times.

Yu Xian warned users that text is no longer just text, but instructions, and recommended running AI tools in a separate environment, since many OpenClaw skills pose potential risks. He added that in Web3 security, smart contracts are only part of the picture; the true causes of incidents have long gone beyond the contracts themselves. A few days ago, Moonwell was hacked for $1.78 million, with the flawed code originating from a contribution marked Co-Authored-By: Claude Opus 4.6.

