Clawdbot Farce: Forced Rebranding, Cryptocurrency Scam, and 24-Hour Collapse
TechFlow Selected TechFlow Selected
Clawdbot Farce: Forced Rebranding, Cryptocurrency Scam, and 24-Hour Collapse
Within just a few minutes, the market cap of the CLAWD token—unrelated to this project—soared to $16 million before crashing rapidly.
Navigating Web3 tides with focused insightsBy: Jose Antonio Lanz
Translated by: Chopper, Foresight News
TL;DR
- A trademark dispute triggered a naming controversy and account hijacking crisis for the viral AI application Clawdbot;
- Within minutes, the unrelated CLAWD token surged to a $16 million market cap before collapsing;
- Security researchers discovered multiple Clawdbot instances exposed online, with associated account credentials at risk of leakage.
Just days ago, Clawdbot was one of GitHub’s hottest open-source projects—amassing over 80,000 stars. This technically impressive tool enables users to run AI assistants locally via messaging apps like WhatsApp, Telegram, and Discord, granting them full system access.
Today, however, the project has not only been forced to rebrand due to legal issues but also targeted by cryptocurrency scammers. A fraudulent token launched under its name briefly spiked to a $16 million market cap before crashing—and the project itself drew criticism after researchers uncovered exposed gateways and easily accessible account credentials.
The crisis began when AI company Anthropic sent Peter Steinberger, Clawdbot’s founder, a trademark infringement claim. Many of Clawdbot’s features are built on Anthropic’s Claude model, and the company argued that “Clawd” is too similar to its trademarked name “Claude.” Objectively, this claim aligns with trademark law.
Yet this trademark dispute set off a chain reaction that ultimately spiraled out of control.
Peter Steinberger tweeted: “Does anyone in my Twitter following list work at GitHub? Can you help me recover my GitHub account? It’s been hijacked by crypto scammers.”
Peter Steinberger announced on Twitter that Clawdbot would be renamed Moltbot. The community responded with remarkable tolerance; the official project account even posted: “Same lobster kernel—just a new shell.”
Steinberger then proceeded to rename both his GitHub and Twitter accounts. But during the brief window between abandoning the old handles and registering the new ones, crypto scammers seized both accounts.
The compromised accounts immediately began aggressively promoting a fake CLAWD token issued on Solana. Within hours, speculative traders pushed its market cap above $16 million.
Some early investors claimed massive profits, while Steinberger publicly denied any affiliation with the token. Shortly thereafter, the token’s market cap collapsed—leaving late buyers with heavy losses.
Peter Steinberger tweeted: “To everyone in crypto: Stop messaging me. Stop harassing me. I will never launch a token. Any project listing me as a token issuer is a scam. I won’t charge anything—and your actions are seriously harming this project’s development.”
Steinberger’s firm rejection angered parts of the crypto community. Some speculators blamed his public denial for their losses and launched coordinated harassment campaigns against him. He was accused of “betrayal,” demanded to “take responsibility,” and pressured—despite having no knowledge of these projects—to endorse them.
Eventually, Steinberger successfully recovered his hijacked accounts. Meanwhile, security researchers uncovered a serious technical flaw: hundreds of Clawdbot instances were running without authentication, fully exposed to the public internet. In other words, the unmonitored permissions granted to this AI assistant could easily be exploited by malicious actors.
According to Decrypt, AI developer Luis Catacora used the Shodan search engine to scan for vulnerabilities and found the root cause lies largely in novice users assigning excessive permissions to the assistant. He wrote: “I just checked Shodan and found numerous port 18789 gateways exposed without any authentication. That means anyone can gain shell access to your server, automate browser actions, or even steal your API keys. Cloudflare Tunnel is free—this shouldn’t happen.”
Jamieson O’Reilly, founder of red-teaming firm Dvuln, also found it trivial to identify vulnerable servers. Speaking to The Register, he said: “I manually inspected several live instances—eight had absolutely no authentication and were wide open, while dozens more implemented partial protections but still left significant exposure risks.”
What’s the technical root cause? Clawdbot’s authentication system automatically trusts connections originating from localhost—that is, requests from the user’s own device. Most users deploy the software behind reverse proxies, causing all external requests to appear as if they originate from the local loopback address 127.0.0.1—and thus get automatically authorized—even though those requests actually come from outside the network.
Blockchain security firm SlowMist confirmed the vulnerability and issued a warning: the project contains multiple code flaws that could lead to credential theft or even remote code execution. Researchers demonstrated several prompt injection attack methods—including one delivered via email that, within minutes, tricked an AI instance into forwarding users’ private information to attackers.
“This is what happens when a project goes viral, expands rapidly, and skips security audits,” wrote Abdulmuiz Adeyemo, developer at startup incubator FounderOS. “The ‘open development’ model harbors a dark side nobody wants to talk about.”
For AI enthusiasts and developers, there’s good news: the project isn’t dead. Moltbot is functionally identical to Clawdbot—the underlying code is solid—and despite its popularity, the tool remains unintuitive for beginners, minimizing the risk of widespread misconfiguration. Its use cases are real, though it’s not yet ready for mainstream adoption. Meanwhile, its security issues remain unresolved.
Granting an autonomous AI assistant permissions like server shell access, browser control, and credential management introduces entirely new attack surfaces—ones traditional security frameworks weren’t designed to handle. These systems’ characteristics—local deployment, persistent memory, and proactive task execution—enable adoption speeds far exceeding the pace at which industry security practices can adapt.
And crypto scammers remain lurking in the shadows, waiting for their next opportunity to sow chaos.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
Decrypt
