Key Highlights
Clawdbot’s GitHub and X accounts were hijacked by crypto scammers, showing how top AI projects face real security risks.Fake Clawdbot tokens spiked 129,000% in a day, proving hype can quickly attract scammers and put users at risk.Developers must separate real projects from scams, as visibility often draws fake coins and malicious actors online.
Clawdbot, an open-source AI assistant now rebranded as Moltbot, is facing a major security scare after its Founder, Peter Steinberger, revealed that crypto scammers hijacked his GitHub and X accounts.
In a series of posts on X, Steinberger emphasized that he has never issued any tokens and that projects listing him as a coin owner are scams. He urged crypto enthusiasts to stop harassing him and clarified that he will not accept any token-related fees.
Steinberger explained that a forced account renaming by Anthropic triggered the issue. He posted, “Crypto folks: I was forced to rename the account by Anthropic. Wasn’t my decision.” Scammers immediately squatted on his old accounts.
Steinberger added, “Do I have anyone from GitHub in my timeline who could help me get my account on GitHub back? It was snatched by crypto scammers.” The founder also confirmed that the targeting came specifically from crypto communities, stating, “Because it’s only that community that harasses me on all channels and they were already waiting.”
Clawdbot security risks exposed
The founders’ posts come as blockchain security firm SlowMist recently warned about problems with Clawdbot. The firm found hundreds of Clawdbot API keys and private chat logs exposed online. Some accounts can be accessed without passwords, letting hackers steal information or take control. The risk comes from Clawdbot’s system that handles messages, tools, and sensitive account info.
Hacker Jamieson O’Reilly explained on X, “Something users (developers included) often don’t realise is, the entire IPv4 internet gets scanned continuously – by people on both sides of the security spectrum.” Some Clawdbot servers even run the agent as root, giving anyone who discovers them full system control. Reverse proxy setups can misinterpret external connections as local, allowing unauthorized access.
The Clawdbot craze has also spread into crypto. Fake Clawdbot tokens have seen wild price swings—one jumped nearly 129,000% in a single day—showing how hype can quickly attract scammers.
Co-Founder of Voltagent Ozmen added, “This happens to nearly every OSS project. When it gains visibility, scammers create fake coins with the name, farm engagement, & run rugs.” He suggested that developers make it clear their projects are separate from scams and avoid getting unnecessarily involved.
Crypto scams worsen across platforms
The Clawdbot situation is reminiscent of other security issues faced in crypto. Earlier this month, a prosecutor’s office in South Korea lost $48 million in Bitcoin after falling victim to a phishing scam. The officials accessed a phishing website while working on crypto assets that had been seized and stored their passwords on USB drives, which is not advisable.
In another case, a crypto user lost over $500,000 in USDT after falling victim to an Ethereum address poisoning attack. The victim sent out a bulk transfer to an address that was very similar to the intended recipient. This shows that even experts can be victims of basic errors that cost them big.
Clawdbot’s stolen accounts and security gaps show how important it is for AI and crypto projects to stay safe. People should double-check if a project is real, keep their login info secure, and stay away from unverified coins or tokens.
Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.
