Author:

“Raising Lobster” Be Cautious! Equipment May Be Stolen

Recently, has everyone been captivated by an AI tool called OpenClaw (colloquially known as “Lobster”)? Claimed to be “the omnipotent AI worker”, it can help you automatically organize files, delete emails, call APIs, and even execute system commands, saving effort and being efficient, suddenly everyone online started to follow the trend of “raising lobster”.

But who would have thought that behind this “ease of use” lies a deadly security trap—OpenClaw has recently seen a massive outbreak of security incidents, with over 30,000 instances worldwide being hacked, and many users in the country stumbled right after using it.

The problem lies in its “inherent shortcomings”: the default permissions are too generous, the security configurations are nearly nonexistent, and it hides several high-risk vulnerabilities. Coupled with a mixed bag of third-party plugin markets, this has given hackers the opportunity to exploit it. Attackers use techniques such as prompt injection, remote code execution, and unauthenticated access to port 18789 to easily take over devices remotely, steal keys, manipulate assets, and delete data, making it hard to defend against.

Numerous victims have already reported online: some had their credit cards drained directly, some had their API keys stolen, racking up debts of over ten thousand yuan in just three days; even Meta's security executives were not spared—more than 200 important emails were bulk deleted by the out-of-control OpenClaw, and there was no way to stop it.

Even more outrageous, the black market has targeted this trend, using the “Lobster” hype to conduct cryptocurrency scams, issuing fake coins and inducing transfers, with some losing hundreds of thousands of assets in the blink of an eye. Due to the severity of the situation, on March 10th and 11th, the National Internet Emergency Center and the Ministry of Industry and Information Technology issued urgent warnings, directly pointing out four major fatal risks of OpenClaw, reminding everyone to take urgent precautions.

Four Major Fatal Risks: Beware of Theft!

The security crisis of OpenClaw is never just a single vulnerability; it is a “fatal combination” of issues such as permission design, ecological control, and technical defects. Its risks are highly concealed, spread rapidly, covering all usage scenarios for individuals and enterprises, and have become the most pressing cybersecurity threat that requires vigilance; a slight mistake could lead to disaster!

1. Prompt Injection: Beware of Data Leaks

Prompt injection is currently the most common and most concealed attack method for OpenClaw! Hackers hide malicious commands in web pages, documents, and group chat messages, exploiting the AI's indiscriminate command execution capability to achieve invisible hijacking. As long as OpenClaw reads content containing malicious commands, it will automatically leak data, transmit data outside, and execute malicious operations, all without any manual intervention needed; even seasoned users may find it hard to notice. This type of attack can cover all scenarios like WeChat, local documents, and web browsing, making it the main method for hackers to steal your sensitive information!

Real Case

Multiple users reported that after integrating OpenClaw with WeChat and authorizing it to read group messages, hackers sent malicious prompts disguised as “business notifications” in the group. After the AI was hijacked, it quietly transmitted the user’s system key and environment variables, with one user even losing a 600 yuan red envelope, completely unaware throughout the process.

2. AI Out of Control: Beware of Erroneous Deletion

OpenClaw’s context compression mechanism has a significant fatal flaw! When processing complex commands, it is prone to losing security constraint clauses, mistakenly judging your intentions, and autonomously executing dangerous operations like deletion or modification. Even if you timely issue a stop command, it can hardly be stopped, especially concerning the erroneous deletion of work emails, core documents, and production data, which cannot be recovered; even professional security personnel find it difficult to prevent!

Real Case

Summer Yue, the AI Security Director of Meta's Super Intelligent Lab, tested OpenClaw by merely requiring it to analyze emails. Due to the defect in the AI's context compression mechanism, the security constraints were discarded, resulting in over 200 important work emails being deleted in bulk. Her attempts to issue stop commands three times were ineffective, and she ultimately had to cut off the power to stop losses.

3. Plugin Poisoning: Installation Equals Pitfall

The plugin ecosystem of OpenClaw is like a “disaster zone”—lacking any effective review mechanism, malicious plugins are rampant in the third-party skills market, ClawHub. Many plugins disguise themselves as “efficiency tools”, “code optimizers”, and “automatic monitoring”, mimicking official icons and names, misleading users, but in reality, they hide malicious code. Once installed, they will secretly steal your keys and implant backdoors, turning your computer into a hacker-controllable “zombie” that lies dormant for a long time, stealing your sensitive information!

Real Case

A programmer in Shenzhen downloaded a plugin disguised as “code auto-optimization” from a third-party forum to improve work efficiency. After 3 days of installation, he discovered that his API key had been stolen, enabling the hacker to maliciously call services, resulting in a debt of 12,000 yuan in just 3 days. Subsequent investigations took a week to completely deregister the key and eliminate the risks.

4. High-Risk Vulnerabilities + Improper Deployment: Public Exposure Leads to Takeover

OpenClaw has port 18789 enabled by default without any authentication protection, and it harbors high-risk vulnerabilities such as RCE (Remote Code Execution) and SSRF (Internal Network Penetration) (these vulnerabilities have been recorded in the national vulnerability database), serving as the “breakthrough point” for hackers to carry out mass attacks. Many individuals, looking to save time, directly expose instances to the public using default configurations and no security protection, which is equivalent to proactively “opening the door” for hackers. They only need to perform a simple scan to take control of your device!

Real Case

A user who deployed OpenClaw failed to close port 18789 and exposed it to the public and enabled VNC remote control functionality. Hackers easily took control of the device through the unauthenticated port vulnerability, accessing saved credit card information in the browser, leading to multiple successful fraudulent transactions totaling over 1,400 yuan, and their credit card was temporarily frozen due to multiple abnormal transactions in a short period.

Black Market Targets “Lobster”, Watch Out for These Scams

With the explosive popularity of OpenClaw, black and gray markets have opportunistically “caught the wind”, turning it into a new type of scam tool, especially targeting blockchain and cryptocurrency asset users. The scams are more concealed, and the harvest is more precise, forming a complete scam industrial chain. This is the area most easily overlooked in this security incident and requires special vigilance!

1. Fake “Lobster Coin” Harvesting from Hype

Everyone must remember: the OpenClaw project team explicitly states that it does not issue any tokens! However, black market elements have taken advantage of this, registering spoof accounts, forging official announcements, and issuing “$CLAW” and “Lobster NFT” and other scam coins, while promoting false claims like “raising lobsters for mining” and “static income”, making grandiose promises. They promote wildly through communities and friend circles, inducing everyone to participate, and once you buy in at high prices, they immediately dump the coins and flee, causing the price to plummet by over 90%, leaving you with nothing to recover, even the way to defend your rights becomes elusive!

2. AI Induces Transfer Theft of Assets

This is one of the most concealed scamming methods! Hackers utilize the command execution characteristics of OpenClaw to induce the AI to autonomously complete wallet transfers with simple phrases. These phrases disguise themselves as normal commands, and do not require remote control by hackers; as long as you grant OpenClaw wallet permissions, it will automatically execute the transfer, allowing assets to be stolen rapidly, with transaction records being hard to trace; once stolen, recovery is nearly impossible!

3. Proxy Deployment Hides Backdoors for Stealing

There are now services all over the internet offering “OpenClaw proxy installations, one-click deployments, and proxies for raising lobsters”, specifically targeting the mindset of those who want “to save trouble and lack technical know-how”, using low prices and convenience as bait, but in reality, they hide tremendous traps! During the deployment process, they may secretly implant malicious programs and leave backdoors, enabling hackers to directly gain the highest permissions and steal your private keys and assets as soon as you bind your wallet or exchange account; the concealment is very strong and difficult to guard against!

4. AI Pig Butchering Precise Scams

The black market has turned OpenClaw into a “scam artifact”! They exploit OpenClaw's ability to generate copy and filter users to create 24/7 automated scam robots. AI can generate customized scam scripts in bulk, precisely targeting different groups such as cryptocurrency asset users and professionals, which lowers the cost of scamming while increasing the success rate, making it more concealed and spread faster than traditional manual scamming.

Simple 7 Steps to Protect Your Devices and Assets

In light of the core risks related to this OpenClaw security incident and referencing practical protective standards from the security industry, we have compiled 7 actionable protective measures that cover the whole process of deployment, use, and maintenance. Personal and enterprise users should strictly implement these to avoid various security risks and safeguard their devices and asset security.

1. Strictly Control Public Exposure to Guard the First Line of Defense

Close the public access to port 18789, do not use 0.0.0.0 for listening, and only allow local/intranet access; remote operations must be encrypted and access sources limited.

2. Stick to Official Versions, Reject Third-Party Images

Uninstall unofficial versions and only download the latest secure version from official OpenClaw channels, and back up core data before upgrading.

3. Use Official Plugins Only, Rather Than Third-Party Ones

Do not install unofficial plugins; obtain them only from the official Skill store, and refuse plugins requiring ZIP downloads or script execution.

4. Adhere to the Principle of Least Privilege, Isolate Operations for Better Security

Do not deploy with administrator/root privileges, restrict access to sensitive paths, and prioritize running in virtual machines or sandboxes for isolation.

5. Strictly Prohibit Authorization of Payment Permissions, Guard Asset Boundaries

Do not authorize OpenClaw for wallet transfers, payments, or other permissions; fund-related operations must be manually confirmed.

6. Turn Off High-Risk Features, Enable Log Auditing

Turn off non-essential features such as VNC and SSH, enable log auditing, and promptly disconnect from the network to investigate any suspicious behavior.

7. Protect Sensitive Information, Prevent Plaintext Storage

Do not allow OpenClaw to read sensitive information, store it encrypted, and periodically change keys and passwords.

Safety First, Protecting Asset Bottom Lines

The security incident of OpenClaw again sounds the alarm for the safety of AI entities. The capabilities and permissions of AI are proportional to security risks, which also rise with convenience; neglecting security details may lead to irreversible losses of devices, data, and assets.

Adhering to the philosophy of “technology for good, safety first”, security teams can provide professional support for personal and enterprise users regarding vulnerability assessments and security hardening related to this OpenClaw incident, ensuring the safety of everyone’s devices and assets.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。