PANews 3月2日消息,GoPlus中文社区发布预警,OpenClaw Gateway现高危漏洞,请立即升级至2026.2.25或更高版本,审计并撤销授予Agent实例的不必要凭证、API密钥和节点权限。其分析称,OpenClaw通过绑定到本地主机的WebSocket Gateway运行,该Gateway作为Agent的核心协调层,是OpenClaw的重要组成部分。此次攻击针对的就是Gateway层的弱点,只需满足一个条件:用户在浏览器中访问被黑客控制的恶意网站。
完整攻击链如下:
1.受害者在其浏览器中访问攻击者控制的恶意网站;
2.页面中的JavaScript向本地主机上的OpenClaw网关发起WebSocket连接;
3.之后,攻击脚本以每秒数百次尝试暴力破解网关密码;
4.破解成功后,攻击脚本静默注册为受信任设备;
5.攻击者获得Agent的管理员级控制权;
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Gerelateerde artikelen
Ledger wallet bị lừa đảo, giới chức Mỹ thu hồi hơn 600.000 USD
Ledger wallet bị lừa đảo, giới chức Mỹ thu hồi hơn 600.000 USD
Văn phòng Luật sư Hoa Kỳ tại Connecticut đã tịch thu hơn 600.000 USD crypto từ vụ lừa đảo nhắm vào người dùng Ledger, siết rủi ro dòng tiền on-chain.
Ledger wallet xuất hiện trong tâm điểm một vụ lừa đảo crypto vừa bị giới chức Hoa Kỳ
TapChiBitcoin3m geleden
US Attorney's Office Recovers $600K in Crypto Fraud Scheme Targeting Ledger Wallet Owners
In brief
The U.S. Attorney's Office for Connecticut has recovered more than $600,000 in cryptocurrency from a fraud scheme.
The fraud targeted a Ledger hardware wallet user with a phishing letter directing them to perform a security check, stealing $234,000 in crypto.
The case is the
Decrypt5m geleden
Resolv Exploit Update Leaves Key Recovery Questions
Resolv Labs updated users on the recent exploit that minted 80 million USR tokens. While whitelisted holders have largely redeemed their tokens, non-whitelisted users and RLP holders face delays. Investigations found no insider involvement, but recovery remains uncertain.
CryptoFrontNews1u geleden
Wormhole 回应 Drift Protocol 攻击事件:用户资产暂无风险,部分 Solana 跨链或有延迟
Gate News 消息,4 月 2 日,Wormhole 在 X 平台发文回应 Drift Protocol 攻击事件影响。Wormhole 表示,用户资产暂未面临风险,跨链桥功能仍可正常使用。但由于针对 Solana 设置的内置安全机制,部分跨链转账可能出现延迟。Wormhole 核心贡献者已与 Solana 生态团队保持沟通,并将根据需要持续提供支持。
GateNews2u geleden
Solana 基金会 CPO:Drift 安全事件属个案,不代表 Solana DeFi 存在系统性问题
Solana 基金会首席产品官 Vibhu Norby 回应 Drift Protocol 安全事件,确认遭遇攻击,攻击原因仍在调查中。事件与运维安全或社会工程有关,强调多签机制的潜在风险,并称此次事件不代表 Solana DeFi 的系统性问题。
GateNews3u geleden
Ledger CTO:Drift 攻击手法与 2025 年某 CEX 事件类似,或涉及朝鲜黑客
Ledger CTO Charles Guillemet 指出,Drift Protocol 的漏洞利用方式与2025年某CEX黑客事件相似,且安全问题主要源于人员与运营,而非代码缺陷。攻击者通过渗透多签设备诱导签名者批准恶意交易。
GateNews3u geleden
