BlockBeats News, February 20 — Co-founder of SlowMist, Yu Xian, reposted a security alert. Currently, OpenClaw’s ClawHub marketplace has identified 1,184 malicious skills that can steal SSH keys, crypto wallets, browser passwords, and open reverse shells. A single attacker has uploaded 677 packages. The top-ranked skill contains 9 vulnerabilities and has been downloaded thousands of times.
Yu Xian warned users that text is no longer just text, but instructions. It is recommended to use AI tools in a separate environment, as many OpenClaw skills pose potential risks. Additionally, in Web3 security, smart contracts are only part of the picture; the true causes of incidents have long gone beyond just the contracts. A few days ago, Moonwell was hacked for $1.78 million, with the flawed code originating from Co-Authored-By: Claude Opus 4.6.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Cybersecurity company warns: phishing websites impersonating Pudgy Penguins' new game are attempting to steal wallet passwords
Cybersecurity firm Malwarebytes Labs has warned that a fraudulent website pudgypengu-gamegifts[.]live is impersonating the Pudgy Penguins game in an attempt to steal users' cryptocurrency wallet passwords. The phishing site mimics the interface of legitimate wallets to deceive visitors. Users are advised to access official websites through trusted bookmarks, and to remain vigilant against social media links and wallet password prompts.
GateNews49m ago
Taipei 4 Days 3 Cryptocurrency Robberies, "Quick Withdrawal" Tactics Lure People into Trap
Taipei has experienced three cryptocurrency robbery cases in a short period of time, with criminal gangs using social media with various tactics to lure victims into meeting to exchange USDT, followed by robbery. Police remind the public that they must conduct transactions through legitimate exchanges to avoid risks. Some criminal organizations have even used AI to create fake accounts to spread false information and mislead the public into participating in illegal transactions.
MarketWhisper57m ago
OpenClaw Founder Issues Warning: CLAW Fake Airdrop Scams Incoming, GitHub Developers Targeted
OpenClaw founder Peter Steinberger warned users to be vigilant against phishing emails that impersonate GitHub notifications, luring users to click suspicious links to obtain fake tokens. The attack targets developers worldwide, with attackers using publicly available contact information for precision attacks. To prevent fraud, users should only trust information from official websites and delete any suspicious emails.
MarketWhisper1h ago
Slowmist余弦 Questions Certain CEX Requiring Users to Input Plain Text Seed Phrases Page: Baffling
Gate News reported that on March 19th, Slow Mist founder Yu Xian posted on the X platform expressing doubt about a page on a certain CEX requesting users to enter plaintext seed phrases for asset recovery. Yu Xian stated that such an unsafe practice is bewildering, and he even briefly suspected the subdomain had been hacked.
GateNews1h ago
CertiK Attends DC Blockchain Summit: Supply Chain Attacks Exceeded $1.45 Billion in 2025, Cross-Chain Bridges Become High-Value Attack Targets
At the US DC Blockchain Summit, CertiK Chief Business Officer Jason Jiang discussed crypto security and regulation, highlighting the risks of smart contract vulnerabilities and cross-chain bridges. He warned that significant supply chain attacks could occur in 2025, called for stronger regulatory frameworks to foster security cooperation, and engaged with lawmakers on market development and consumer protection.
GateNews1h ago
FBI Flags Criminal Network Exploiting Crypto ATMs With Fake Law Enforcement Threats
The FBI warns of rising impersonation scams involving cryptocurrency payments, as fraudsters use urgency and evolving tactics to pressure victims into quick financial decisions and drive increasing financial losses.
FBI Warns of Rising Law Enforcement Impersonation Scams
A new warning from the FB
Coinpedia2h ago
