PANews, March 2: The GoPlus Chinese Community issued an alert that OpenClaw Gateway currently has a high-severity vulnerability. Users should upgrade immediately to version 2026.2.25 or higher, and audit and revoke unnecessary credentials, API keys, and node permissions granted to Agent instances. According to the analysis, OpenClaw runs through a WebSocket Gateway bound to localhost, which serves as the core coordination layer for the Agent and is an important component of OpenClaw. The attack targets a weakness in the Gateway layer and requires only one condition: the user visits a malicious website controlled by hackers in their browser.
The complete attack chain is as follows:
- The victim visits a malicious website controlled by the attacker in their browser;
- JavaScript on the page initiates a WebSocket connection to the OpenClaw Gateway on localhost;
- Subsequently, the attack script attempts to brute-force the gateway password hundreds of times per second;
- After successfully cracking the password, the attack script silently registers as a trusted device;
- The attacker gains administrator-level control of the Agent.
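
The chain above relies on two properties of a localhost WebSocket service: it accepts handshakes started by any web page, and it tolerates rapid password guessing. The following is an added example, not OpenClaw's code and not its actual fix (which the alert does not describe); the function names, the allowed origin and the thresholds are assumptions chosen for illustration.

```javascript
// Added example: generic guard for a localhost WebSocket service (hypothetical names).
const ALLOWED_ORIGINS = new Set(["http://127.0.0.1:3000"]); // constructed: the service's own UI
const MAX_FAILURES = 5;     // failed passwords tolerated per window
const WINDOW_MS = 60000;    // counting window
const LOCKOUT_MS = 300000;  // lockout once the limit is reached

// Browsers attach an Origin header to every WebSocket handshake and page
// script cannot change it, so a foreign Origin marks a cross-site connection.
function admitHandshake(headers) {
  const origin = headers["origin"];       // Node lower-cases header names
  if (origin === undefined) return true;  // non-browser client (CLI, native app)
  return ALLOWED_ORIGINS.has(origin);
}

// Failed-password throttle keyed by client. Loopback gets no exemption,
// because a browser-driven connection also arrives from 127.0.0.1.
function createThrottle() {
  const state = new Map(); // key -> { failures: [timestamps], lockedUntil }
  return function attempt(key, passwordOk, now) {
    const s = state.get(key) || { failures: [], lockedUntil: 0 };
    state.set(key, s);
    // Lockout is checked before the password, so a correct guess made
    // during the lockout window is still refused.
    if (now < s.lockedUntil) return "locked";
    if (passwordOk) { s.failures = []; return "ok"; }
    s.failures = s.failures.filter((t) => now - t < WINDOW_MS);
    s.failures.push(now);
    if (s.failures.length >= MAX_FAILURES) {
      s.lockedUntil = now + LOCKOUT_MS;
      s.failures = [];
      return "locked";
    }
    return "denied";
  };
}

// Constructed simulation: 300 guesses within one second, the 200th is correct.
function simulateBurst() {
  const attempt = createThrottle();
  const results = { denied: 0, locked: 0, ok: 0 };
  for (let i = 0; i < 300; i++) {
    const now = 1000 + Math.floor(i * (1000 / 300));
    results[attempt("127.0.0.1", i === 199, now)]++;
  }
  return results;
}
```

Allowing a missing Origin keeps command-line and native clients working; it does not address a hostile local process, which is a different threat from the browser-based chain described here.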