BlockBeats News, February 20 — Co-founder of SlowMist, Yu Xian, reposted a security alert. Currently, OpenClaw’s ClawHub marketplace has identified 1,184 malicious skills that can steal SSH keys, crypto wallets, browser passwords, and open reverse shells. A single attacker has uploaded 677 packages. The top-ranked skill contains 9 vulnerabilities and has been downloaded thousands of times.
Yu Xian warned users that text is no longer just text, but instructions. It is recommended to use AI tools in a separate environment, as many OpenClaw skills pose potential risks. Additionally, in Web3 security, smart contracts are only part of the picture; the true causes of incidents have long gone beyond just the contracts. A few days ago, Moonwell was hacked for $1.78 million, with the flawed code originating from Co-Authored-By: Claude Opus 4.6.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
GAIB Frontend Suffers Security Attack, Users Reminded to Pause Interactions
Gate News, March 16: AI infrastructure project GAIB announced that its front-end webpage is currently facing security issues, warning users not to interact with the site until further notice. GAIB emphasized that user funds and smart contracts remain secure and unaffected. The team stated that they are actively working to resolve the problem and will provide further updates once the website is fully restored.
GateNews19m ago
Venus Protocol Probes Malicious Activity in $THE Pool Amid Flash Loan Speculation
Venus Protocol is investigating suspicious activity indicating a potential Flash Loan attack on the $THE and $CAKE pools. This has led to the suspension of borrows and withdrawals of $THE, as the platform assesses the risk and community concerns surrounding possible market manipulation.
BlockChainReporter3h ago
South Korean Court Rejects Flow Foundation's Request to Stop Three Exchanges from Delisting FLOW
The Seoul Central District Court in South Korea rejected a motion for a preliminary injunction filed by the Flow Foundation and Dapper Labs against three exchanges, supporting their termination of FLOW trading. The court determined that there was insufficient evidence and prioritized investor protection. FLOW remains tradable on Korbit, but has been delisted from the other three exchanges.
GateNews5h ago
Steam 8 games embedded with malware, FBI targets victims from 2024 to 2026
The U.S. FBI is investigating 8 PC games on the Steam platform that are suspected of containing malware, primarily targeting users who downloaded them between 2024 and 2026. Victims can submit information through the FBI to receive compensation. This incident demonstrates that Steam's massive user base makes it a target for malicious attacks, and cryptocurrency assets are becoming a primary target of such attacks.
MarketWhisper6h ago
Million-Dollar Trading Influencer Exposed for Profiting from Selling Courses: Where's the Line Between Trading Experts and Content Influencers?
U.S. trading influencer ImanTrading recently accused fellow trading influencer TJR (Tyler Riches) in a video of profiting from courses and signal groups rather than actual trading. The video revealed that TJR previously borrowed money from friends to trade and incurred losses, and pointed out that his trading performance shows signs of falsification. Additionally, TJR's paid courses have been questioned for having more participants than claimed, with the actual teaching quality difficult to verify. The incident has sparked discussions about the boundary between influencers and legitimate traders.
ChainNewsAbmedia7h ago
Venus Protocol Hacked for $3.7 Million Loss: $THE Low-Liquidity Tokens Became Attack Vector, BNB Chain DeFi Sounds Alarm Again
Decentralized lending protocol Venus Protocol was attacked for approximately $3.7 million on March 15, 2026, resulting in $2.18 million in bad debt. The attacker conducted a sophisticated attack by manipulating the price of low-liquidity token $THE, combining on-chain lending with off-chain derivatives, exposing systemic risks. The incident prompted the industry to re-examine collateral eligibility standards and risk parameter design.
ChainNewsAbmedia8h ago
