PANews, March 2: The GoPlus Chinese community has issued a warning that a high-severity vulnerability has been found in the OpenClaw Gateway. Users should upgrade to version 2026.2.25 or later immediately, and audit and revoke any unnecessary credentials, API keys and node permissions granted to Agent instances. According to GoPlus's analysis, OpenClaw runs through a WebSocket Gateway bound to localhost; this Gateway is the Agent's core coordination layer and an essential part of OpenClaw. The attack targets a weakness in that Gateway layer and requires only one precondition: the user visits a malicious website controlled by the attacker in their browser.
The full attack chain is as follows:
1. The victim visits an attacker-controlled malicious website in their browser;
2. JavaScript on the page opens a WebSocket connection to the OpenClaw Gateway on localhost (browsers allow any page to do this; only the server can refuse it, by checking the Origin header of the upgrade request);
3. The script then brute-forces the Gateway password at hundreds of attempts per second;
4. Once the password is cracked, the script silently registers itself as a trusted device;
5. The attacker gains administrator-level control of the Agent.