BlockBeats News, February 20 — Co-founder of SlowMist, Yu Xian, reposted a security alert. Currently, OpenClaw’s ClawHub marketplace has identified 1,184 malicious skills that can steal SSH keys, crypto wallets, browser passwords, and open reverse shells. A single attacker has uploaded 677 packages. The top-ranked skill contains 9 vulnerabilities and has been downloaded thousands of times.
Yu Xian warned users that text is no longer just text, but instructions. It is recommended to use AI tools in a separate environment, as many OpenClaw skills pose potential risks. Additionally, in Web3 security, smart contracts are only part of the picture; the true causes of incidents have long gone beyond just the contracts. A few days ago, Moonwell was hacked for $1.78 million, with the flawed code originating from Co-Authored-By: Claude Opus 4.6.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
The truth behind the LUNA crash? Someone predicted the $40 billion evaporation 10 minutes in advance
Written by: Cosmic Wave Naruto, Deep Tide TechFlow
In May 2022, $40 billion evaporated within 72 hours.
It was the most devastating crash in the history of cryptocurrency. Once hailed as the "crown jewel of algorithmic stablecoins," UST plummeted from $1 to worthless paper within days; Luna, which had a market cap of nearly $40 billion, fell from a high of $116 to nearly zero.
Millions of ordinary investors lost their savings that early summer. They kept refreshing their screens, staring at the continuously falling candlestick chart, clueless about what was happening or what to do.
The official explanation came quickly: the algorithm was flawed, Do Kwon lied, and the market naturally died. Most people accepted this answer, attributing the catastrophe to "another lesson in the crypto world," and then moved on.
This explanation held for nearly four years.
PANews21m ago
Fake Windows ads stealing recovery phrases! Facebook pushes a "Free Upgrade to Win11" post, mimicking the official Microsoft website, making it hard to distinguish real from fake.
Hackers are running fake "Windows 11" update ads on Facebook to trick users into downloading malicious software called "Lunar Application," which is designed to steal cryptocurrency wallet seed phrases and login credentials. The attackers use highly realistic Microsoft branding and websites, combined with geofencing technology to evade security detection. Users should exercise caution, only download updates from official sources, and protect their seed phrases.
動區BlockTempo1h ago
U.S. Seizes $61 Million USDT, "Pig Butchering" Scam Money Laundering Chain Crumbles
The Eastern District of North Carolina Federal Prosecutor's Office announced on February 24th that federal agents have seized over $61 million worth of Tether (USDT). Asset tracking shows that these cryptocurrency addresses are directly linked to money laundering activities related to "Pig Butchering" investment scams. The investigation was led by the U.S. Immigration and Customs Enforcement in Raleigh, North Carolina, with Tether assisting in the asset transfer process.
MarketWhisper2h ago
Security Reminder: Hackers Use Facebook to Run Fake Windows 11 Update Ads to Steal Cryptocurrency
Hackers have placed fake Windows 11 update ads on Facebook to lure cryptocurrency users into downloading malicious software "LunarApplication," stealing wallet seed phrases and sensitive information, and using geofencing technology to evade detection.
GateNewsBot3h ago
An Ethereum user lost nearly $390,000 after signing a phishing authorization transaction.
ChainCatcher reports that, according to Scam Sniffer monitoring, an Ethereum user lost $388,051 after signing a phishing token authorization transaction.
GateNewsBot3h ago
U.S. sanctions Russian hacking company Operation Zero for cryptocurrency funding of stolen proprietary software
The U.S. Department of the Treasury has imposed sanctions on Russian cybersecurity company Operation Zero and its leaders for using cryptocurrency to fund activities that steal U.S. commercial secrets, involving cybersecurity threats. This action stems from an investigation into Australian citizen Peter Williams, who admitted to stealing secrets for compensation. The government stated it will continue to protect national security.
GateNewsBot5h ago
