ClawdBot Skills ganked all my crypto

ClawdBot, the buzzy local AI assistant, just face-planted into a full-on crypto heist drama. Researchers say 14 flashy “skills” were uploaded to ClawHub and GitHub in late January, posing as trading tools for ByBit, Polymarket, and more. Instead of profits, they pushed sketchy zip downloads like “PolymarketAuthTool.zip” and sneaky commands that hoover up wallet keys, passwords, and exchange logins—macOS and Windows both got hit. All roads led back to the same control server, meaning this wasn’t a one-off; it was organized.

The comments lit up like a Christmas tree. The harsh crowd went full gladiator: _se snapped, “Anyone dumb enough to run this on their computer deserves it,” while lpcvoid called it peak “self‑pwn.” The policy nerds chimed in with this_user warning it’s a classic supply‑chain mess—installing add‑ons from random registries is basically inviting trouble. And the conspiracy‑flavored takes? dispersed side‑eyed the hype machine, calling it “pushed so hard to normies” and “100% predictable.”

There’s some “told you so” energy too, with nods to earlier ClawdBot security warnings and folks wondering why the official registry didn’t scan listings when payloads were visible in plain text. The meme of the moment: ClickFix → ClickBroke. The vibe: clown car meets crypto wallet. The lesson: don’t hand your keys to a chatbot dressed like a day trader.