Alert: High-severity vulnerability in OpenClaw Gateway; upgrade immediately to 2026.2.25 or later

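PANews, March 2: The GoPlus Chinese community has issued an alert about a high-severity vulnerability in OpenClaw Gateway. Users should upgrade immediately to version 2026.2.25 or later, and audit and revoke any unnecessary credentials, API keys and node permissions granted to Agent instances. According to its analysis, OpenClaw runs through a WebSocket Gateway bound to localhost; this Gateway acts as the Agent's core coordination layer and is a key component of OpenClaw. The attack targets a weakness in the Gateway layer and needs only one condition to be met: the user visits a hacker-controlled malicious website in their browser. The full attack chain is as follows: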

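1. The victim visits an attacker-controlled malicious website in their browser;
2. JavaScript in the page opens a WebSocket connection to the OpenClaw gateway on localhost;
3. The attack script then brute-forces the gateway password at hundreds of attempts per second;
4. Once the password is cracked, the attack script silently registers itself as a trusted device;
5. The attacker gains administrator-level control of the Agent.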
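The two server-side checks that break steps 2 and 3 of this chain, an Origin allowlist on the handshake and a failed-login lockout that also covers loopback, are sketched below as an added example; it is not OpenClaw code and not the project's actual fix. The request shape, the allowed origin, the limits and all function names are assumptions made for illustration.

```javascript
// Added illustration, not OpenClaw code. Origins and limits are constructed values.
const ALLOWED_ORIGINS = new Set(["http://localhost:3000"]); // hypothetical local UI
const MAX_FAILURES = 5;
const LOCKOUT_MS = 60000;

// Compare without returning at the first mismatching character.
function sameSecret(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length && i < b.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  }
  return diff === 0;
}

function createGatewayGuard(password, now = () => Date.now()) {
  const failures = new Map(); // remoteAddress -> { count, lockedUntil }

  // req is a hypothetical shape: { origin, remoteAddress, password }
  function authenticate(req) {
    // Browsers attach Origin to every WebSocket handshake and page script
    // cannot override it, so a foreign web page is refused before any
    // password is checked. Clients that send no Origin (assumed here to be
    // local CLI tools) fall through to the password check and the limiter.
    if (req.origin !== undefined && !ALLOWED_ORIGINS.has(req.origin)) {
      return "rejected_origin";
    }
    const t = now();
    const rec = failures.get(req.remoteAddress) || { count: 0, lockedUntil: 0 };
    if (t < rec.lockedUntil) return "locked_out";
    if (sameSecret(String(req.password), password)) {
      failures.delete(req.remoteAddress);
      return "ok";
    }
    // No loopback exemption: in the chain above the guesses come from
    // the victim's own browser, i.e. from 127.0.0.1.
    rec.count += 1;
    if (rec.count >= MAX_FAILURES) {
      rec.lockedUntil = t + LOCKOUT_MS;
      rec.count = 0;
    }
    failures.set(req.remoteAddress, rec);
    return "bad_password";
  }
  return { authenticate };
}
```

With the lockout keyed on the remote address and applied to 127.0.0.1 like any other client, hundreds of guesses per second collapse to five per minute, and a handshake carrying a foreign Origin never reaches the password check at all.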
