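Gate News, March 12: China's National Industrial Information Security Development Research Center has issued a "Risk Warning Notice on OpenClaw Applications in the Industrial Sector". The notice states that OpenClaw is being deployed at an accelerating pace across industrial R&D and design, production and manufacturing, and operations and maintenance management. Because OpenClaw is characterized by blurred trust boundaries, unified multi-channel access, flexible invocation of large models, and dual-mode persistent memory, a deployment that lacks effective permission-control policies or security audit mechanisms may be maliciously taken over through instruction manipulation, supply-chain poisoning and similar means, leading to security risks such as loss of control over industrial control systems and leakage of sensitive information. The specific risks include: privilege overreach on industrial hosts and loss of production control; leakage of sensitive industrial information; and expansion of industrial enterprises' attack surface together with amplification of attack impact. The notice recommends that industrial enterprises follow the relevant requirements of the "Guidelines for Cybersecurity Protection of Industrial Control Systems" and the "Measures for the Classified and Graded Management of Industrial Internet Security", and consult the "Six Dos and Six Don'ts" recommendations already published by the Ministry of Industry and Information Technology's Network Security Threat and Vulnerability Information Sharing Platform (NVDB), in order to strengthen security protections when deploying and using OpenClaw, including tightening control-privilege management, reinforcing network boundary isolation, and applying vulnerability patches.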