PANews, March 2: the GoPlus Chinese community has issued a warning that a high-severity vulnerability exists in the OpenClaw Gateway. Users should upgrade immediately to 2026.2.25 or later, and audit and revoke any unnecessary credentials, API keys and node permissions granted to Agent instances. According to its analysis, OpenClaw runs through a WebSocket Gateway bound to localhost; this Gateway is the Agent's core coordination layer and a key component of OpenClaw. The attack targets a weakness in this Gateway layer and requires only one condition: the user visits a malicious website controlled by the attacker in their browser.
The full attack chain is as follows:
1. The victim visits an attacker-controlled malicious website in their browser;
2. JavaScript on the page opens a WebSocket connection to the OpenClaw gateway on localhost;
3. The attack script then brute-forces the gateway password at hundreds of attempts per second;
4. Once the password is cracked, the attack script silently registers itself as a trusted device;
5. The attacker obtains administrator-level control of the Agent.
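The two gateway-side checks that would break the chain above, as an added illustrative example (hypothetical Python, not OpenClaw's own code; the allowed origin uses a placeholder port and the guess list is constructed): refuse WebSocket upgrades whose Origin header belongs to a foreign web page, and lock out password guessing after a few failures.

```python
"""Hypothetical defensive policy for a localhost WebSocket gateway (not OpenClaw's code)."""
import hmac
from collections import defaultdict, deque


class GatewayAuthPolicy:
    """1. A browser-initiated cross-site WebSocket handshake always carries an Origin
       header, so any Origin not explicitly allowed is refused before authentication.
    2. A client that fails the password too often within a short window is locked out,
       which stalls a scripted loop running hundreds of guesses per second."""

    def __init__(self, allowed_origins, max_failures=5, window=60.0):
        self.allowed_origins = set(allowed_origins)
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)   # client_id -> timestamps of recent failures
        self.locked_until = {}               # client_id -> time at which the lock expires

    def accept_upgrade(self, headers):
        origin = headers.get("Origin")
        # Native local clients normally send no Origin; browser pages always do.
        return origin is None or origin in self.allowed_origins

    def check_password(self, client_id, presented, expected, now):
        if self.locked_until.get(client_id, 0.0) > now:
            return "locked"              # do not evaluate the password while locked
        if hmac.compare_digest(presented.encode(), expected.encode()):
            self.failures.pop(client_id, None)
            return "ok"
        recent = self.failures[client_id]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()             # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.locked_until[client_id] = now + self.window
            return "locked"
        return "denied"


def simulate_guess_loop(policy, client_id, expected, guesses, rate_per_sec=300):
    """Replay a constructed burst of guesses and return the gateway's verdict for each."""
    return [policy.check_password(client_id, g, expected, now=i / rate_per_sec)
            for i, g in enumerate(guesses)]


if __name__ == "__main__":
    policy = GatewayAuthPolicy(allowed_origins={"http://127.0.0.1:PORT"})  # placeholder port
    print(policy.accept_upgrade({"Origin": "https://attacker.example"}))   # False
    print(simulate_guess_loop(policy, "c1", "correct-horse",
                              ["a", "b", "c", "d", "e", "correct-horse"]))
```

The last call shows that the correct password arriving after the lockout is still refused, which is the behaviour that defeats a high-rate guess loop.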