China Internet Finance Association Releases OpenClaw Application Security Risk Alert

Gate News Report, March 15 — The China Internet Finance Association has issued a risk alert on the security of OpenClaw applications. The association noted that while the OpenClaw AI can improve work efficiency, its default high system permissions and weak security configuration are easily exploited by attackers, making it an entry point for stealing sensitive data or illicitly controlling transactions and posing serious risks to the industry.

The association advises financial consumers to exercise extreme caution before installing OpenClaw on devices used for online banking, securities trading, payments, or other personal financial activities. If installation is necessary, it recommends the following measures: do not grant the application system operation permissions related to financial services; apply OpenClaw vulnerability patches promptly; strictly control the installation of functional plugins; and do not enter sensitive information such as ID numbers, bank card numbers, or payment passwords unless necessary. The association also warns that such applications continuously call large-model interfaces while running, which can incur high token costs, and users should monitor this closely.


Related Articles

Venus Protocol Attacker Moves 2,301 ETH Into Tornado Cash for Laundering

According to on-chain analyst Ai Auntie's monitoring on April 22, the Venus Protocol attacker transferred 2,301 ETH (about $5.32 million) to address 0xa21…23A7f 11 hours earlier, then moved the funds in batches into the crypto mixer Tornado Cash for laundering; at the time of monitoring, the attacker still held about $17.45 million worth of ETH on-chain.

MarketWhisper, 24m ago

CometBFT Zero-Day Disclosed: Nodes on the $8 Billion Cosmos Network Face Risk of Permanent Lockup

Security researcher Doyeon Park disclosed on April 21 a high-severity zero-day vulnerability, rated CVSS 7.1, in CometBFT, the Cosmos consensus layer. It could allow a malicious peer to attack nodes during the block synchronization (BlockSync) stage and cause them to deadlock, affecting a network that safeguards more than $8 billion in assets.

MarketWhisper, 30m ago

North Korean Lazarus Group Releases New Mach-O Man macOS Malware Targeting Crypto

The Lazarus Group has unveiled Mach-O Man, a macOS-native malware toolkit aimed at cryptocurrency platforms and high-value executives. SlowMist warns users to exercise caution to mitigate potential attacks.

GateNews, 59m ago

Bitcoin "Toll" Scam Appears in the Strait of Hormuz; a Ship That Paid Was Still Shelled

According to CoinDesk on April 22, the Greek maritime risk services company Marisks issued a warning that scammers are impersonating Iranian authorities, sending messages to multiple shipping companies and demanding Bitcoin or USDT as a "toll" to pass through the Strait of Hormuz. Marisks confirmed that the messages are not coming through official Iranian channels and, according to Reuters, said it believes at least one vessel was deceived into paying and was still shelled when it tried to pass over the weekend.

MarketWhisper, 1h ago

RHEA Finance Security Incident Update: About $400k Shortfall Remains, With a Commitment to Cover It in Full

RHEA Finance has released a follow-up update on the April 16 security incident, confirming tangible progress in recovering assets. As of this update, an estimated funding gap of approximately $400k remains, made up mainly of NEAR, USDT, and USDC in the lending market's liquidity pool. RHEA Finance has committed to fully cover any remaining shortfall so that all affected users receive full compensation.

MarketWhisper, 1h ago

Researcher Discloses High-Severity CVSS 7.1 Zero-Day Vulnerability in Cosmos Consensus Layer CometBFT

Security researcher Doyeon Park disclosed a high-severity (CVSS 7.1) zero-day vulnerability in Cosmos' CometBFT consensus layer that could cause nodes to freeze during block synchronization, potentially affecting networks securing over $8 billion in assets. The vulnerability cannot directly steal funds. Park pursued coordinated disclosure beginning Feb 22 but faced vendor resistance to public disclosure and issues with HackerOne. The vendor downgraded a related vulnerability (CVE-2025-24371) to informational on Mar 6, prompting Park to release a network-level proof-of-concept before the public disclosure on Apr 21. The advisory recommends that Cosmos validators avoid restarting nodes until patches are released: nodes already in consensus may continue operating, but a restart and resync could expose them to attacks by malicious peers, risking deadlock.

GateNews, 1h ago