China Internet Finance Association: Risk Warning Regarding OpenClaw Application Security in the Internet Finance Industry
Source: China Internet Finance Association
Recently, downloads and usage of the open-source AI agent OpenClaw (“Lobster”) have continued to rise. This AI agent typically defaults to high system permissions, allowing it to directly control computers and other devices based on natural language commands. The Cybersecurity Threat and Vulnerability Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology and the National Internet Emergency Center (CNCERT) have issued related security risk alerts. The internet finance industry is now highly online and digitalized, and it handles critical sensitive information such as customer funds, assets, accounts, and personal financial data. While OpenClaw can improve work efficiency, its default high system permissions and weak security configurations make it vulnerable to exploitation by attackers. It could become a breach point for stealing sensitive data or illegally controlling transactions, posing serious risks to the industry. In response, the China Internet Finance Association issues the following risk warnings:
(1) Funds Loss Risk
Multiple medium- and high-risk vulnerabilities in OpenClaw have been publicly disclosed; attackers can exploit them, or use prompt injection, to gain control of devices. Additionally, its commonly used functional plugins (Skills) lack effective community security review mechanisms, and several malicious plugin poisoning incidents have been reported. In financial scenarios, these risks could be exploited to steal online banking passwords, payment keys, securities trading API credentials, and other sensitive financial information, leading to unauthorized access to online banking and securities systems and to customer fund losses.
(2) Transaction Responsibility Risk
OpenClaw can autonomously perform multiple steps, and some users have used it for stock monitoring and investment strategy backtesting. Automated operations may result in mis-transfers or unintended purchases of investment products, causing actual financial losses. Currently, AI technology does not have full explainability, making it difficult to determine responsibility after automated financial transactions, with significant legal uncertainty.
(3) Data Compliance Risk
OpenClaw has persistent memory functions, storing data generated during operation in local session records and memory files. When calling large model APIs or performing other operations, relevant data may be transmitted to third parties. Internet finance involves highly sensitive data such as credit reports, loan approval materials, and transaction records. Once this data enters the AI processing chain, its access scope and retention period may exceed necessary business purposes, raising compliance risks in financial data management.
(4) New Scam Risks
Malicious actors may conduct investment scams using phrases like “AI stock trading” or “guaranteed profit,” and exploit the “Lobster” hype to mass-produce fake financial institution information, tricking the public into downloading counterfeit apps or transferring funds to designated accounts. Additionally, scammers may impersonate “installation agents” or use “remote debugging” to gain control of consumers’ devices, planting malicious programs or stealing sensitive financial information. Reports show a rapid increase in AI-related financial scams, and the public’s ability to recognize such new scam methods needs improvement.
In response to these risks, the China Internet Finance Association offers the following advice:
(1) Financial consumers should exercise extreme caution when installing OpenClaw on devices used for online banking, securities trading, or payments. If installation is necessary, avoid granting system operation permissions related to financial services, promptly follow up on OpenClaw vulnerability fixes, strictly control plugin installations, and avoid entering sensitive information such as ID numbers, bank card numbers, or payment passwords during use. Note that running such applications may incur high token costs when calling large model APIs, so users should monitor this closely.
(2) Be highly alert to financial scams promoted as “shrimp farming wealth management,” “AI stock trading,” or “guaranteed profits.” Always conduct transfers and investments through official channels, and do not trust others who offer to “install on your behalf” or perform “remote debugging” in order to access your devices.
(3) Financial institutions should refrain from installing OpenClaw on devices involved in customer data processing, fund operations, risk control, or transaction execution. Do not input customer financial information, transaction data, or loan approval materials into this AI agent or connect it to processing chains.
(4) Financial institutions should incorporate the security management of AI agents like OpenClaw into their overall information security framework. Organize specialized security training for staff to enhance their ability to identify and prevent risks associated with such AI applications.
China Internet Finance Association
March 15, 2026