Guavy AI Editorial Team

AI Agents Like OpenClaw Expose Crypto Wallet Credentials to Risk

Crypto wallet credentials at risk due to AI agents like OpenClaw, warns cybersecurity firm CertiK.

The widespread integration of AI assistants such as OpenClaw introduces critical security risks that expose users to unauthorized actions, data exposure, system compromises, and drained crypto wallets. According to CertiK, these risks are not just theoretical: attackers have already exploited them in the wild.

CertiK researchers identified over 280 GitHub Security Advisories and 100 Common Vulnerabilities and Exposures (CVEs) associated with OpenClaw since its launch. They also found that malicious skills can be installed from local or marketplace sources and are difficult to detect with conventional malware tooling. Unlike traditional malware, "malicious skills" can manipulate an agent's behavior through natural language, which lets them resist conventional scanning.

The researchers warned of the dangers of plugins and malicious backdoors hidden within legitimate functional codebases, which can exfiltrate sensitive information such as passwords and cryptocurrency wallet credentials. They also noted a clear overlap in tradecraft with the broader crypto-theft ecosystem, including social engineering, fake utility lures, credential theft, and wallet-focused phishing.

OpenClaw founder Peter Steinberger acknowledged that the platform has security issues but stated that the team is working to improve its security. Meanwhile, CertiK advises ordinary users not to install and use OpenClaw from scratch until more mature versions become available.