PANews March 2 News, GoPlus Chinese Community issued an alert: OpenClaw Gateway currently has a high-severity vulnerability. Please upgrade immediately to version 2026.2.25 or higher, audit and revoke unnecessary credentials, API keys, and node permissions granted to Agent instances. The analysis states that OpenClaw runs through a WebSocket Gateway bound to the localhost, which serves as the core coordination layer for the Agent and is an important component of OpenClaw. The attack targets the weakness in the Gateway layer, requiring only one condition: the user accesses a malicious website controlled by hackers in their browser.
The complete attack chain is as follows:
- The victim visits a malicious website controlled by the attacker in their browser;
- JavaScript on the page initiates a WebSocket connection to the OpenClaw Gateway on the localhost;
- Subsequently, the attack script attempts to brute-force the gateway password hundreds of times per second;
- After successfully cracking the password, the attack script silently registers as a trusted device;
- The attacker gains administrator-level control of the Agent.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Fake Police Officers Held French Couple at Knifepoint in $1M Bitcoin Robbery
Three suspects posing as police officers attacked a couple in Versailles, forcing them to transfer approximately €900,000 in Bitcoin. French authorities confirm the theft and are investigating the growing trend of violent robberies targeting crypto holders.
Decrypt5h ago
Korean inspection theft: 320 Bitcoins "found and recovered," quickly cashed out for $21.5 million to pay the national treasury
Gwangju District Prosecutors Office in South Korea recently sold 320.8 Bitcoin seized, cashing out 31.6 billion Korean Won. This batch of Bitcoin originally came from investigations into illegal gambling platforms from 2018 to 2021. Although there was an incident where Bitcoin was stolen by hackers due to a public official's mistake, the hackers later returned the Bitcoin. Authorities have conducted investigations and also discovered other cases of seized Bitcoin going missing.
区块客5h ago
French couple robbed at knifepoint by fake police during home invasion, forced to transfer approximately $1 million worth of Bitcoin
On March 10th, a French couple was attacked at home by three fake police officers armed with knives, forcing them to transfer approximately 900,000 euros worth of Bitcoin. The couple was injured and tied up, and the assailants fled. This case is the latest example of a "wrench attack" in cryptocurrency. Several similar incidents have occurred in France this year.
GateNews5h ago
National Internet Emergency Center issues OpenClaw security application risk warning, proposing four protective measures
The National Internet Emergency Center has issued a risk alert, as improper use of the OpenClaw agent has led to security vulnerabilities. Users are advised to strengthen network controls, enhance credential management, strictly regulate plugin sources, and stay updated on security updates to ensure safe application.
GateNews6h ago
Cosmos has disclosed a security vulnerability affecting some EVM Stack blockchains; the Saga chain has released a patch.
Gate News Announcement: On March 10, Cosmos Labs disclosed on the X platform that a recent security vulnerability affecting some blockchains built on Cosmos EVM Stack has been discovered. The vulnerability involves related functional modules and has impacted Layer 1 blockchains in the production environment.
GateNews6h ago
OpenClaw AI remains vulnerable after update; China Academy of Information and Communications Technology issues alert
Gate News Announcement, March 10th, experts from the China Academy of Information and Communications Technology issued a safety warning regarding the recently popular open-source AI agent OpenClaw (commonly known as "Lobster"). The experts pointed out that although the agent has been updated to the latest version and can fix known security vulnerabilities, this does not mean that all security risks have been completely eliminated. Previously, the Ministry of Industry and Information Technology's Cybersecurity Threat and Vulnerability Information Sharing Platform had issued related security risk alerts. (CCTV News)
GateNews7h ago
