Odaily Planet Daily reports that security researcher Lukasz Olejnik posted on X that 360’s AI assistant, “360 Security Crab” (OpenClaw), leaked an SSL private key in its installer. The private key corresponds to the domain *.myclaw.360.cn and is valid until April 2027. Attackers could exploit this key to impersonate 360 servers, intercept user traffic, or forge login pages. Notably, 360’s founder Zhou Hongyi previously promised “never to leak passwords” when launching this product. It is worth noting that 360 currently serves 461 million users and has an estimated valuation of $10 billion. This report has been corroborated by several developers in the Chinese-speaking community.
360's OpenClaw Assistant Exposed SSL Private Key, Contradicting Founder's Previous Promise
KuCoinFlashShare
Summary
A security researcher revealed that 360’s AI assistant, OpenClaw, leaked an SSL private key, contradicting founder Zhou Hongyi’s pledge. The key, valid until 2027, pertains to the domain *.myclaw.360.cn and could enable server impersonation or traffic interception. 360 serves 461 million users and has a $10 billion valuation. The issue drew attention in liquidity and crypto markets, raising concerns over CFT measures. Developers in China confirmed the findings.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.