Warning: OpenClaw Gateway has a high-risk vulnerability. Please upgrade immediately to version 2026.2.25 or higher.

PANews, March 2: The GoPlus Chinese Community issued an alert that OpenClaw Gateway currently has a high-severity vulnerability. Users should upgrade immediately to version 2026.2.25 or higher, and audit and revoke any unnecessary credentials, API keys, and node permissions granted to Agent instances. According to the analysis, OpenClaw runs through a WebSocket Gateway bound to localhost, which serves as the core coordination layer for the Agent and is an important component of OpenClaw. The attack targets a weakness in this Gateway layer and requires only one condition: the user visits a malicious website controlled by the attacker in their browser.

The complete attack chain is as follows:

  1. The victim visits a malicious website controlled by the attacker in their browser;
  2. JavaScript on the page initiates a WebSocket connection to the OpenClaw Gateway on localhost;
  3. The attack script then tries to brute-force the gateway password, making hundreds of attempts per second;
  4. After successfully cracking the password, the attack script silently registers as a trusted device;
  5. The attacker gains administrator-level control of the Agent.
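
Steps 2 and 3 of this chain can both be checked on the gateway side: the browser reveals which web origin opened the socket, and the guessing rate is visible to the server. The JavaScript below is an added example of those two checks, not OpenClaw's code or its actual fix; the allowed origin, the limits and all function names are assumptions, and the traffic is constructed.

```javascript
// Added example: generic gateway-side checks, not OpenClaw's code or its patch.
// All names and values below (origin, port, limits) are hypothetical.
const ALLOWED_ORIGINS = new Set(["http://127.0.0.1:8080"]); // assumed local UI origin
const MAX_FAILURES = 5, WINDOW_MS = 60_000, LOCKOUT_MS = 300_000;

// Browsers attach Origin to every WebSocket handshake and page script cannot
// change it, so a connection opened by a foreign web page is recognisable.
function originAllowed(origin) {
  if (origin === undefined) return true; // non-browser client; password still required
  return ALLOWED_ORIGINS.has(origin);    // rejects other sites and the literal "null"
}

// Failed-password throttle. Loopback gets no exemption: the guesses in step 3
// arrive from 127.0.0.1 because the victim's own browser makes the connection.
class AuthThrottle {
  constructor() { this.state = new Map(); } // key -> { failures, lockedUntil }
  permits(key, now) {
    const s = this.state.get(key);
    return !s || now >= s.lockedUntil;
  }
  recordFailure(key, now) {
    const s = this.state.get(key) ?? { failures: [], lockedUntil: 0 };
    s.failures = s.failures.filter((t) => now - t < WINDOW_MS);
    s.failures.push(now);
    if (s.failures.length >= MAX_FAILURES) s.lockedUntil = now + LOCKOUT_MS;
    this.state.set(key, s);
  }
}

// Decide one authentication attempt; returns a short verdict string.
function handleAuth(throttle, req, isCorrect) {
  if (!originAllowed(req.origin)) return "reject:origin";
  if (!throttle.permits(req.remote, req.now)) return "reject:locked";
  if (isCorrect(req.password)) return "accept";
  throttle.recordFailure(req.remote, req.now);
  return "reject:password";
}

// Constructed traffic: 300 guesses within one second, the right one at index 120.
function simulate(origin) {
  const throttle = new AuthThrottle(), tally = {};
  for (let i = 0; i < 300; i++) {
    const req = { origin, remote: "127.0.0.1", now: 1_000 + i * 3, password: "guess-" + i };
    const verdict = handleAuth(throttle, req, (p) => p === "guess-120");
    tally[verdict] = (tally[verdict] ?? 0) + 1;
  }
  return tally;
}
```

With a foreign origin every attempt is refused before the password is looked at; with the origin check passed, the throttle locks after five failures, so the correct guess at index 120 is never evaluated.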