However, Slowmist says that this suggests an organized and repeated attack effort, not random uploads.
- Also Read :
- Aperture Finance Hit by $3.67M Smart Contract Exploit, Funds Laundered via Tornado Cash
- ,
How the Attack Actually Works?
According to the researchers, the main weakness comes from how OpenClaw skills are built. Many rely on instruction files that users run directly during setup. Attackers abused this by placing hidden download-and-run commands inside those instructions.
In many cases, the first attackers used coded messages to hide their real commands. When the code is decoded and run, it secretly downloads another program from an outside server. Secondly, that program then carries out the actual attack.
This two-step method helps attackers avoid early detection and lets them change the harmful program anytime without updating the visible plugin page.
Malicious Domain Analysis
SlowMist said its review of hundreds of threat indicators showed many of these plugins connected to the same small set of domains and IP addresses, 91.92.242.30. This suggests a planned, group-driven campaign rather than random one-off attacks.
Security teams are now warning OpenClaw users to double-check skill instructions and avoid running unknown command steps until stronger review controls are in place.
Never Miss a Beat in the Crypto World!
Stay ahead with breaking news, expert analysis, and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs, and more.
FAQs
OpenClaw’s ClawHub hosted malicious plugins that slipped through weak reviews, exposing developers to hidden code and supply chain-style attacks.
Security scans flagged 341 malicious plugins out of 2,857 reviewed, indicating a large and coordinated threat inside the ClawHub ecosystem.
Avoid running unknown setup commands, review instructions carefully, and limit plugin installs until stronger security checks are enforced.
Trust with CoinPedia:
CoinPedia has been delivering accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by our expert panel of analysts and journalists, following strict Editorial Guidelines based on E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness). Every article is fact-checked against reputable sources to ensure accuracy, transparency, and reliability. Our review policy guarantees unbiased evaluations when recommending exchanges, platforms, or tools. We strive to provide timely updates about everything crypto & blockchain, right from startups to industry majors.
Investment Disclaimer:
All opinions and insights shared represent the author’s own views on current market conditions. Please do your own research before making investment decisions. Neither the writer nor the publication assumes responsibility for your financial choices.
Sponsored and Advertisements:
Sponsored content and affiliate links may appear on our site. Advertisements are marked clearly, and our editorial content remains entirely independent from our ad partners.
About Author
