Clawdbot Drama: Forced Rebranding, Cryptocurrency Scam, and 24-Hour Collapse
By Jose Antonio Lanz
Translated by Chopper, Foresight News
TL;DR
A trademark dispute triggered chaos for the popular AI application Clawdbot, which faced a name change and account theft;
Within just a few minutes, the unrelated CLAWD token’s market cap soared to $16 million before crashing rapidly;
Security researchers discovered multiple Clawdbot instances exposed to risks, with associated account credentials also vulnerable to leaks.
Just days ago, Clawdbot was one of the hottest open-source projects on GitHub, garnering over 80,000 stars. This technically impressive tool allows users to run AI assistants locally via messaging apps like WhatsApp, Telegram, and Discord, with full system access.
Now, the project has been forced to rename due to legal issues and has been targeted by cryptocurrency scammers; a fake token falsely claiming to be associated with it briefly surged to a market cap of $16 million before collapsing, and the project has been heavily criticized after researchers found exposed gateways and easily accessible account credentials.
The trigger for this crisis was a trademark infringement claim from AI company Anthropic against Clawdbot founder Peter Steinberger. Many of Clawdbot’s features are built on Anthropic’s Claude model, and the company argued that the Clawdbot name is too similar to its own “Claude” name. Frankly, this claim aligns with trademark law.
However, this trademark dispute triggered a chain of issues, ultimately spiraling out of control.
Peter Steinberger tweeted, “Are there GitHub staff among my Twitter followers? Can someone help me recover my GitHub account? It was stolen by cryptocurrency scammers.”
He announced on Twitter that Clawdbot would be renamed Moltbot. The community was very understanding about the name change, and the official project account even posted, “The lobster kernel remains, just with a new shell.”
Subsequently, Steinberger began renaming his GitHub and Twitter accounts. But during the brief window between abandoning the old account names and registering the new ones, scammers seized the opportunity to steal both accounts.
The hijacked accounts then began aggressively promoting a fake CLAWD token issued on Solana. Within hours, speculators pushed the token’s market cap above $16 million.
Some early investors claimed to have made substantial profits, while Steinberger publicly denied any association with the token. Soon after, the token’s value plummeted, causing heavy losses for late buyers.
Steinberger tweeted, “Everyone in crypto: stop messaging me, stop harassing me. I will never issue tokens in my life. Any project claiming I am issuing tokens is a scam. I do not charge any fees, and your actions are severely damaging the development of this project.”
His firm stance angered some in the crypto community. Some speculators believed his public denial caused their losses and launched harassment campaigns against him. Steinberger was accused of “breach of trust,” told to “take responsibility,” and even pressured to endorse projects he had never heard of.
Eventually, Steinberger managed to recover his stolen accounts. But at the same time, security researchers uncovered a serious issue: hundreds of Clawdbot instances were running without any authentication protections, directly exposed to the public internet. This means the unmonitored permissions that users had granted to the AI could be easily exploited by malicious actors.
According to Decrypt, AI developer Luis Catacora found that most of these issues stemmed from novice users granting excessive permissions to the AI assistant. He wrote, “I just checked on Shodan and found many gateways exposing port 18789 without any authentication. This means anyone can access the server shell, automate browser actions, or even steal your API keys. Cloudflare Tunnel is free, and these problems shouldn’t exist.”
Red-teaming firm Dvuln founder Jamieson O’Reilly also noted that identifying vulnerable servers is very easy. In an interview with The Register, he said, “I manually checked several instances, and eight of them had no authentication at all, fully open, while dozens had partial protections but still exposed risks.”
What is the core of this technical vulnerability? Clawdbot’s authentication system automatically trusts connection requests from the local host, that is, connections a user makes from their own device. Most users run this software behind a reverse proxy, which causes all external requests to appear to come from localhost (127.0.0.1) and be automatically authorized, even if they originate from outside the network.
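The localhost-trust problem described above, shown as an added example rather than code from Clawdbot or Moltbot: a check that trusts the TCP peer address next to one that first attributes the request to its real client. The function names, the request shape (`remoteAddress`, lowercase `headers`) and the `trustedProxies` setting are assumptions made for illustration.

```javascript
// Added illustration, not Clawdbot/Moltbot source; every name here is hypothetical.
const LOOPBACK = new Set(["127.0.0.1", "::1", "::ffff:127.0.0.1"]);
const FORWARD_HEADERS = ["x-forwarded-for", "x-real-ip", "forwarded"];

// Flawed pattern: trust decided from the TCP peer address alone. Behind a
// same-host reverse proxy the peer is always the proxy, i.e. 127.0.0.1.
function naiveAutoTrust(req) {
  return LOOPBACK.has(req.remoteAddress);
}

// Hardened pattern: attribute the request to its originating client first.
// trustedProxies holds the proxy addresses the operator explicitly configured.
function resolveClient(req, trustedProxies) {
  const peer = req.remoteAddress;
  const forwarded = FORWARD_HEADERS.some((h) => req.headers[h] !== undefined);
  if (!forwarded) {
    // A bare connection from a proxy's address cannot be told apart from
    // proxied traffic, so it is not attributed to anyone (fail closed).
    return trustedProxies.has(peer) ? null : peer;
  }
  if (!trustedProxies.has(peer)) return null; // headers from an unknown hop
  const chain = String(req.headers["x-forwarded-for"] || "")
    .split(",").map((s) => s.trim()).filter(Boolean);
  // Walk right to left past our own proxies; the first other hop is the client.
  for (let i = chain.length - 1; i >= 0; i--) {
    if (!trustedProxies.has(chain[i])) return chain[i];
  }
  return null;
}

// Only a request attributed to a loopback client may skip authentication;
// everything else must present credentials.
function hardenedAutoTrust(req, trustedProxies = new Set()) {
  const client = resolveClient(req, trustedProxies);
  return client !== null && LOOPBACK.has(client);
}

// Constructed sample requests (203.0.113.7 is a documentation address).
const PROXY = new Set(["127.0.0.1"]);
const proxiedExternal = { remoteAddress: "127.0.0.1",
  headers: { "x-forwarded-for": "203.0.113.7" } };
const spoofedHeader = { remoteAddress: "127.0.0.1",
  headers: { "x-forwarded-for": "127.0.0.1, 203.0.113.7" } };
const directLocal = { remoteAddress: "127.0.0.1", headers: {} };

console.log(naiveAutoTrust(proxiedExternal), hardenedAutoTrust(proxiedExternal, PROXY));
```

Once a proxy shares the loopback address, the hardened check stops granting implicit trust to anything it cannot attribute, so such deployments rely on explicit credentials for every request.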
Blockchain security firm SlowMist confirmed this vulnerability and issued a warning: the project has multiple code flaws that could lead to credential theft or remote code execution by malicious actors. Researchers also demonstrated various prompt injection attack methods, including one via email that, in just minutes, tricked the AI instance into forwarding the user’s private information to the attacker.
“This is the consequence of rapid expansion without security audits after the project went viral,” said Abdulmuiz Adeyemo, developer of the startup incubator platform FounderOS. “Behind the ‘open development’ model lies a dark side that no one wants to mention.”
For AI enthusiasts and developers, the good news is that the project has not been abandoned. Moltbot is essentially the same software as Clawdbot, with high-quality code. Despite its popularity, it is not user-friendly for beginners and is unlikely to cause large-scale operational mistakes. It does have practical applications, but it is not yet ready for mainstream promotion, and its security issues remain unresolved.
Allowing an autonomous AI assistant to have server shell access, browser control, and credential management creates numerous attack surfaces—many of which traditional security systems do not account for. The features of such systems—local deployment, persistent memory, active task execution—make their adoption far faster than industry security measures can adapt.
Meanwhile, cryptocurrency scammers continue lurking in the shadows, waiting for the next opportunity to cause chaos.