Gate News: On March 26, GoPlus Security issued a security alert stating that Silverfort security researchers discovered a serious vulnerability in OpenClaw’s skill repository ClawHub. Attackers can bypass protection mechanisms by calling the internal function downloads:increment, and with just one curl request, they can increase download counts to over 20,000 within minutes. This pushes malicious skills to the top of search rankings, tricking users or AI agents into automatically installing them. Once a malicious skill is run, it can steal sensitive data such as crypto wallets and API keys. The vulnerability was fixed within 24 hours. GoPlus warns that high download numbers do not equate to safety and recommends using AgentGuard for security scanning and protection.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Litecoin Undergoes Deep Chain Reorganization After MWEB Privacy Layer Exploit
Gate News message, April 26 — Litecoin experienced a deep chain reorganization (reorg) on Saturday after attackers exploited a zero-day vulnerability in its MimbleWimble Extension Block (MWEB) privacy layer, the Litecoin Foundation announced. The reorg spanned blocks 3,095,930 to 3,095,943 and
GateNews15m ago
Litecoin Sees First Privacy Layer Hack: MWEB Zero-Day Vulnerability Triggered 13-Block Reorganization
According to The Block, the Litecoin Foundation confirmed that the MWEB privacy layer suffered a zero-day vulnerability. The attacker used older nodes to make forged MWEB transactions appear valid, causing a rollback of 13 blocks on the main chain (about 3 hours), and performing double-spends against cross-chain exchanges; NEAR Intents exposed about $600k, and the mining pool was also hit with a DoS. A patched version has been released—please upgrade immediately. Main-chain balances are not affected, but it highlights the trade-off between reducing observability and increasing detection difficulty for the privacy layer.
ChainNewsAbmedia2h ago
Aave, Kelp, LayerZero Seek $71M Frozen ETH Release from Arbitrum DAO
Aave Labs, Kelp DAO, LayerZero, EtherFi, and Compound filed a Constitutional AIP on the Arbitrum forum Saturday morning requesting the network's DAO release approximately $71 million in frozen ETH to support rsETH recovery efforts following last week's $292 million Kelp DAO exploit. The proposal
CryptoFrontier3h ago
Litecoin Suffers Deep Chain Reorganization After MWEB Zero-Day Exploit, Erasing Three Hours of History
Gate News message, April 26 — Litecoin experienced a deep chain reorganization (reorg) on Saturday after attackers exploited a zero-day vulnerability in its MimbleWimble Extension Block (MWEB) privacy layer, according to the Litecoin Foundation. The bug allowed mining nodes running older software to
GateNews9h ago
Apecoin Insider Turns $174K Into $2.45M in One Day With 14x Trade on Both Sides of 80% Surge
An anonymous wallet with no prior trading history turned $174,000 worth of ether into $2.45 million by trading Apecoin on both sides of an 80% price surge in a single day.
Key Takeaways:
Wallet 0x0b8a converted $174,000 in ETH into a leveraged Apecoin long, exiting near the top for a $1.79M
Coinpedia9h ago
Hong Kong Police Dismantle Cross-Border Fraud Ring Targeting Overseas Students, Seizing HK$5M in Assets
Gate News message, April 26 — Hong Kong police have dismantled a cross-border fraud ring that targeted overseas Chinese students studying abroad, according to local media. The syndicate impersonated law enforcement officials and coerced victims into traveling to Hong Kong to purchase gold bars as "c
GateNews9h ago
