AI Agent Boom Turns Risky: OpenClaw Exposes Millions to Hacks and Crypto Theft
- OpenClaw’s rapid growth has introduced widespread security vulnerabilities across its architecture and deployments.
- Malicious extensions and misconfigured systems are key drivers of risk, enabling data theft and system compromise.
- CertiK warns that inexperienced users should delay adoption until stronger safeguards are implemented.
OpenClaw’s rapid adoption is creating new security challenges, with researchers warning that the AI agent framework introduces multiple pathways for data breaches, system compromise and crypto-related theft. According to CertiK, these risks are driven by the interaction between external inputs and local execution environments, which can be exploited if not properly secured.
The platform functions as an autonomous assistant that connects to messaging services such as WhatsApp, Slack and Telegram, while managing tasks across emails, calendars and files. Since launching in November 2025, it has expanded quickly, reaching hundreds of thousands of developers and millions of users. This rapid uptake has contributed to what the report describes as significant ‘security debt’ as real-world usage exceeded its initial design assumption.
Related: Meta Eyes Stablecoin Launch to Power Payments Across Its 3 Billion-User Network
Widespread Flaws Emerge
CertiK’s findings show that OpenClaw has accumulated over 280 security advisories and more than 100 vulnerabilities in a short timeframe, highlighting persistent weaknesses across its architecture. At the same time, large numbers of publicly exposed deployments have been identified worldwide, many lacking adequate safeguards.
Third-party extensions represent a key attack vector, with malicious tools and fake packages identified within the ecosystem. These components can manipulate agent behaviour through language-based inputs, enabling them to bypass conventional detection systems. Once activated, they may extract sensitive data such as login credentials and crypto wallet information.
The report also emphasises that poorly configured deployments can be exploited even in the absence of software bugs, increasing overall risk. CertiK therefore recommends that less experienced users avoid deploying OpenClaw until stronger security protections are in place.
Related: Bitrefill Hack Exposes Wallets and Gift Card Systems as North Korean Links Emerge
The post AI Agent Boom Turns Risky: OpenClaw Exposes Millions to Hacks and Crypto Theft appeared first on Crypto News Australia.
You May Also Like
Understanding the Difference Between Pi on Exchanges and Pi in Wallets
BTC Leverage Builds Near $120K, Big Test Ahead
Wormhole token soars following tokenomics overhaul, W reserve launch
Wormhole’s native token has had a tough time since launch, debuting at $1.66 before dropping significantly despite the general crypto market’s bull cycle. Wormhole, an interoperability protocol facilitating asset transfers between blockchains, announced updated tokenomics to its native Wormhole (W) token, including a token reserve and more yield for stakers. The changes could affect the protocol’s governance, as staked Wormhole tokens allocate voting power to delegates.According to a Wednesday announcement, three main changes are coming to the Wormhole token: a W reserve funded with protocol fees and revenue, a 4% base yield for staking with higher rewards for active ecosystem participants, and a change from bulk unlocks to biweekly unlocks.“The goal of Wormhole Contributors is to significantly expand the asset transfer and messaging volume that Wormhole facilitates over the next 1-2 years,” the protocol said. According to Wormhole, more tokens will be locked as adoption takes place and revenue filters back to the company.Read more
