{"id":93591,"date":"2026-01-27T10:56:36","date_gmt":"2026-01-27T07:56:36","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=93591"},"modified":"2026-01-28T14:11:23","modified_gmt":"2026-01-28T11:11:23","slug":"critical-vulnerabilities-found-in-clawdbot-ai-agent-for-cryptocurrency-theft","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/critical-vulnerabilities-found-in-clawdbot-ai-agent-for-cryptocurrency-theft\/","title":{"rendered":"Critical Vulnerabilities Found in Clawdbot AI Agent for Cryptocurrency Theft"},"content":{"rendered":"<p>Security experts have warned about the dangers of using the AI assistant Clawdbot, which may inadvertently disclose personal data and API keys.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">\ud83d\udea8SlowMist TI Alert\ud83d\udea8<\/p>\n<p>Clawdbot gateway exposure identified: hundreds of API keys and private chat logs are at risk. Multiple unauthenticated instances are publicly accessible, and several code flaws may lead to credential theft and even remote code execution (RCE).<\/p>\n<p>We strongly\u2026 <a href=\"https:\/\/t.co\/j2ERoWPFnh\">https:\/\/t.co\/j2ERoWPFnh<\/a><\/p>\n<p>\u2014 SlowMist (@SlowMist_Team) <a href=\"https:\/\/twitter.com\/SlowMist_Team\/status\/2015962334808965132?ref_src=twsrc%5Etfw\">January 27, 2026<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cClawdbot gateway vulnerability discovered: hundreds of API keys and private chats are at risk. Several unauthenticated instances are publicly accessible. Code flaws could lead to data theft and even remote code execution (RCE),\u201d stated SlowMist.<\/p><\/blockquote>\n<p>The company urged the implementation of strict IP whitelisting for open ports.<\/p>\n<p>Security researcher Jamison O\u2019Reilly <a href=\"https:\/\/x.com\/theonejvo\/status\/2015401219746128322\">stated<\/a> that \u201chundreds of people have configured their Clawdbot management servers to be publicly accessible.\u201d<\/p>\n<p>Clawdbot is an open AI assistant developed by entrepreneur Peter Steinberger. It operates locally on the user&#8217;s device and went viral over the weekend of January 24-25.<\/p>\n<h2 class=\"wp-block-heading\">Nature of the Vulnerability<\/h2>\n<p>The agent&#8217;s gateway connects large language models to messaging platforms and executes commands on behalf of the user via a web interface called Clawdbot Control.<\/p>\n<p>The authentication bypass vulnerability occurs when the gateway is placed behind a misconfigured reverse proxy, explained O\u2019Reilly.<\/p>\n<p>The researcher was able to easily find open servers using internet scanning tools like Shodan. He searched for characteristic \u201cfingerprints\u201d in the HTML code.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cGathering information on Clawdbot Control requests took only seconds. I obtained hundreds of results using several tools,\u201d he explained.<\/p><\/blockquote>\n<p>O\u2019Reilly gained access to complete credentials: API keys, bot tokens, secret OAuth keys, signing keys, full chat histories across all platforms, the ability to send messages on behalf of the user, and execute commands.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cIf you use the agent&#8217;s AI infrastructure, check your configuration today. See what is actually open to the internet,\u201d advised the expert.<\/p><\/blockquote>\n<h2 class=\"wp-block-heading\">Theft of Private Keys<\/h2>\n<p>Archestra AI CEO Matvey Kukuy was able to obtain an OpenSSH private key \u201cin five minutes.\u201d He sent an email to Clawdbot with a \u201cprompt injection\u201d attack and asked the bot to check the mail.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Drama in one screenshot:<br \/>\n1) Sending Clawdbot email with prompt injection<br \/>\n2) Asking Clawdbot to check e-mail<br \/>\n3) Receiving the private key from the hacked machine<br \/>\n\u2026 took 5 minutes<br \/>\nThat&#8217;s why we build non-probabilistic agentic security in Archestra: <a href=\"https:\/\/t.co\/ukhV6Z7tl1\">https:\/\/t.co\/ukhV6Z7tl1<\/a> <a href=\"https:\/\/t.co\/2d6OP7mNnv\">pic.twitter.com\/2d6OP7mNnv<\/a><\/p>\n<p>\u2014 Matvey Kukuy (@Mkukkk) <a href=\"https:\/\/twitter.com\/Mkukkk\/status\/2015951362270310879?ref_src=twsrc%5Etfw\">January 27, 2026<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Clawdbot differs from other AI agents in that it has full system access to the user&#8217;s computer. It can read and write files, execute commands, run scripts, and control browsers.<\/p>\n<p>Earlier in January, SlowMist <a href=\"https:\/\/forklog.com\/en\/news\/slowmist-identifies-future-attack-in-linux-store\">discovered<\/a> a \u201cfuture attack\u201d in the Linux store.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security experts have warned about the dangers of using the AI assistant Clawdbot, which may inadvertently disclose personal data and API keys.<\/p>\n","protected":false},"author":1,"featured_media":93592,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Security experts warn of Clawdbot's risks, including data exposure and API key leaks.","creation_source":"ai_translated","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[438,1301,1111],"class_list":["post-93591","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-artificial-intelligence","tag-blockchain-vulnerabilities","tag-cybersecurity"],"aioseo_notices":[],"amp_enabled":true,"views":"2211","promo_type":"1","layout_type":"1","short_excerpt":"Security experts warn of Clawdbot's risks, including data exposure and API key leaks.","is_update":"0","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/93591","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=93591"}],"version-history":[{"count":2,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/93591\/revisions"}],"predecessor-version":[{"id":93654,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/93591\/revisions\/93654"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/93592"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=93591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=93591"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=93591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}