PANews March 2 News, GoPlus Chinese Community issued an alert: OpenClaw Gateway currently has a high-severity vulnerability. Please upgrade immediately to version 2026.2.25 or higher, audit and revoke unnecessary credentials, API keys, and node permissions granted to Agent instances. The analysis states that OpenClaw runs through a WebSocket Gateway bound to the localhost, which serves as the core coordination layer for the Agent and is an important component of OpenClaw. The attack targets the weakness in the Gateway layer, requiring only one condition: the user accesses a malicious website controlled by hackers in their browser.
The complete attack chain is as follows:
- The victim visits a malicious website controlled by the attacker in their browser;
- JavaScript on the page initiates a WebSocket connection to the OpenClaw Gateway on the localhost;
- Subsequently, the attack script attempts to brute-force the gateway password hundreds of times per second;
- After successfully cracking the password, the attack script silently registers as a trusted device;
- The attacker gains administrator-level control of the Agent.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Resolv Foundation suspends Season 4 airdrop claims and RESOLV token staking functions
Gate News: On March 25, Resolv Foundation announced that due to recent security incidents involving Resolv Labs' stablecoin USR, both the protocol and applications have been suspended. Season 4 airdrop claiming functionality is temporarily unavailable, and staking and unstaking functions for RESOLV tokens are also temporarily unavailable. Once the protocol recovery plan is finalized and the application can be safely used again, the relevant functions will be restored.
GateNews7h ago
ZachXBT: Russian OTC Broker Allegedly Assists Ransomware Money Laundering Over $4.7 Million, Funds Bridged from BTC to Avalanche
On-chain detective ZachXBT disclosed that Russian OTC broker Aleksandr Khinkis has allegedly assisted in laundering $4.7 million in ransomware proceeds since July 2025, involving 796 Bitcoin. The suspicious funds were transferred cross-chain to Avalanche and deposited into Aave, with frequent activity in Southeast Asia and Australia. ZachXBT is calling on victims to report relevant addresses to improve freezing efficiency.
GateNews9h ago
Husband accuses wife of stealing over 2,000 bitcoins! Judge: The plaintiff has a very high chance of winning.
The UK High Court is hearing a Bitcoin theft case in which the plaintiff alleges his estranged wife secretly stole 2,323 Bitcoin in 2023. In the case, the plaintiff used audio evidence to prove that the defendant and her sister planned to transfer the Bitcoin. The judge found a high probability of the plaintiff prevailing and ordered asset freezing while dismissing some claims, recommending expedited trial proceedings.
区块客10h ago
Resolv: Pre-liquidation USR wallet has redeemed over $77 million in funds
BlockBeats news, March 25: Resolv released the latest update on the hacking incident. Over the past two days, pre-liquidation USR wallets have redeemed over $77 million in funds, accounting for over 90% of that group's total, with the first phase of recovery work achieving significant progress.
Next steps:
• The redemption process for this group is actively being completed;
• Work on subsequent phases has been initiated, which will cover the remaining other user groups.
BlockBeatNews11h ago
500 Bitcoin Transferred, Europol Cracks Old Wallet
A portion of Bitcoin held by Clifton Collins has attracted attention again, with 500 bitcoins successfully transferred to a new address, sparking speculation about how the private keys were obtained. This transfer involves multiple wallets, demonstrates enhanced tracking capabilities by law enforcement, and serves as a warning to Bitcoin holders to strengthen their private key management.
GateNews11h ago
Drug Trafficker's 500 Bitcoin Seized "See the Light of Day"! Behind It Lies a Criminal Asset Recovery Operation
Irish police successfully cracked the Bitcoin wallet of a convicted drug dealer, seizing 500 BTC valued at over $35.6 million. The assets belonged to drug trafficker Clifton Collins and had been inaccessible for years due to lost private keys. With assistance from Europol, police regained control of the wallet, with hopes of recovering more Bitcoin in the future.
区块客11h ago
