Many people have called 2026 the Year of Agentic Finance. With OpenClaw, agents can automatically arbitrage, trade, and execute complex DeFi operations, effectively becoming users' personal money printers.
But the illusion shattered quickly.
In February, OpenAI employee Nik Pash used the OpenClaw framework to develop a crypto trading AI agent called "Lobstar Wilde." While processing a netizen's request for help (which asked for only 4 SOL for medical expenses), the agent mistakenly transferred all 52.43 million LOBSTAR tokens it held due to a quantity parsing error.
At the time, the market value was approximately $250,000; after the token price rose, its value approached $600,000. Within 15 minutes of the transfer, all tokens were sold off, resulting in an actual cash-out of about $40,000. However, the overall loss reached hundreds of thousands of dollars. This was a classic case of an AI agent acting autonomously and losing control—not due to a hack or a smart contract vulnerability, but because the Agent "misunderstood" and sent all the funds away.
Cybercriminals quickly replicated this logic. According to media reports, black and gray market actors have exploited OpenClaw’s command execution capability to induce AI to autonomously complete wallet transfers using simple prompts. Users have already lost hundreds of thousands in assets—including stablecoins like USDT—with transaction records proving difficult to trace; once authorization is granted, recovery is nearly impossible. The China Internet Finance Association has also issued a specific advisory, listing “funds loss risk” as one of OpenClaw’s four core risks, explicitly stating that malicious actors with high-level permissions can directly steal user funds.
This is not a bug in a smart contract—it’s a systemic risk inherent in the Agent’s execution environment. A single parsing error or a deceptive instruction disguised as legitimate can cause the Agent to perform an irreversible on-chain action, wiping out everything.
Agents are becoming increasingly active on-chain, but the infrastructure to protect them is far from ready.
The market is racing, and so are the accidents.
At the beginning of 2026, on-chain daily active AI Agents surpassed 250,000, a year-over-year increase of over 400%. 68% of new DeFi protocols have integrated autonomous AI Agents. The global AI Agent market is projected to grow from $7.84 billion to $52.62 billion, with a CAGR of 46.3%. Analysts predict that by year-end, AI Agents could account for 30% of on-chain transaction volume.
Now let's look at the other side, the incidents:
In November 2024, a user asked ChatGPT to write a trading bot for Pump.fun; the AI recommended a phishing API, and within 30 minutes, the wallet was emptied, resulting in a $2,500 loss. That same month, the trading terminal DEXX was hacked due to private keys being stored in plain text, leading to approximately $21 million in theft, affecting nearly a thousand people, with compensation still nowhere in sight.
By the end of 2025, the wallet of the trading bot DeBot was suspected to be compromised, with 250,000 USDT swiftly transferred out.
In March 2026, the widely used AI developer library litellm (95 million monthly downloads) was supply-chain poisoned, with malicious code automatically stealing cryptocurrency wallets and cloud credentials; Karpathy personally posted a warning.
The cases are fragmented, but they all point to one core issue:
From script bots to Agent Trading, a more mature wallet infrastructure is required. In a sector worth tens of billions of dollars in the coming years, most participants are choosing to swim naked for convenience.
This is the reality we see—and the issue we aim to solve alongside many leaders in the Web3 security industry.
What is Claw Wallet?
If MetaMask represents To-C wallets and Privy represents To-B wallets, then Claw Wallet aims to become the most user-friendly To-A wallet: a payment infrastructure fully supporting autonomous agent activities while ensuring security.
Shard Isolation: Isolating private keys is a basic practice. But Claw Wallet goes further—using proven key sharding technology, assets are jointly managed by Agents, risk control policies, and users, with redundant backups providing additional disaster tolerance.
Interactive Security: Users can customize their risk control settings to precisely manage sending addresses, interacting addresses, transaction amounts, frequency, and signing policies. Non-technical users need not worry—strict default settings automatically block malicious contracts and phishing signatures.
User-friendly: Supports multiple setup methods. Agents can be installed independently with a single click, or easily linked to human users. For high-frequency trading and data scraping scenarios, a fully automated mode and an SDK are provided, enabling advanced users to integrate quickly across various use cases.
Why do we choose to do harder things?
To be honest, many wallets today simply hand over private keys to agents and call it a day with a whitelist. We strongly advise against using these solutions.
Some wallets that prioritize security at least implement private key isolation and sandboxed execution—we generally agree with this approach. But for us, it’s not enough.
The reason is simple: the behavior of the Agent is dynamic.
It doesn't repeat the same actions every day—it makes different decisions based on market conditions, on-chain status, and strategy parameters. A well-crafted malicious contract can easily bypass the limitations of static rules.
Private key security is only the most basic layer. Dynamic interaction security is what ultimately determines whether an Agent can cover asset losses.
Claw Wallet implements risk control at the strategy level—understanding the behavioral context of the Agent and assessing whether a transaction is reasonable before execution, not after the fact.
Technically, the private key is split into multiple encrypted shards, held separately by the sandbox, backend, and user-side security processes. Any signing operation must satisfy two conditions simultaneously: policy verification passed + user confirmation.
Simply put: No matter how fast your Agent runs outside, the key is always in your hands.
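The two-condition rule described above (policy verification plus user confirmation), as an added example that is not Claw Wallet's code: a pre-signing gate applying the address, amount and frequency controls the article lists. The class names, rule names, thresholds and addresses are hypothetical; the 52,430,000 balance is the holdings figure from the incident above.

```python
from dataclasses import dataclass, field
from decimal import Decimal
@dataclass
class Policy:                        # hypothetical policy shape
    allowed_recipients: set          # addresses the user approved
    max_amount: Decimal              # per-transaction cap
    max_balance_fraction: Decimal    # share of holdings one transfer may move
    max_tx_per_window: int           # frequency limit
    window_seconds: int = 3600

@dataclass
class Gate:
    policy: Policy
    history: list = field(default_factory=list)  # timestamps of approved sends
    def check_policy(self, to, amount, balance, now):
        """Return the violated rules; an empty list means the policy passed."""
        p, v = self.policy, []
        if to not in p.allowed_recipients:
            v.append("recipient_not_allowlisted")
        if amount <= 0 or amount > balance:
            v.append("amount_out_of_range")
        if amount > p.max_amount:
            v.append("over_per_tx_cap")
        if balance > 0 and amount / balance > p.max_balance_fraction:
            v.append("over_balance_fraction")
        recent = [t for t in self.history if now - t < p.window_seconds]
        if len(recent) >= p.max_tx_per_window:
            v.append("rate_limit")
        return v

    def authorize(self, to, amount, balance, now, user_confirmed):
        """Release a signature only if policy passes AND the user confirmed."""
        violations = self.check_policy(to, amount, balance, now)
        if violations:
            return False, violations
        if not user_confirmed:
            return False, ["user_confirmation_missing"]
        self.history.append(now)
        return True, []

def demo():
    gate = Gate(Policy({"ADDR_TREASURY"}, Decimal("1000"), Decimal("0.05"), 1))
    bal, four = Decimal("52430000"), Decimal("4")  # constructed sample requests
    return [
        gate.authorize("ADDR_UNKNOWN", bal, bal, 0, True),      # whole balance out
        gate.authorize("ADDR_TREASURY", four, bal, 10, False),  # no confirmation
        gate.authorize("ADDR_TREASURY", four, bal, 20, True),   # approved
        gate.authorize("ADDR_TREASURY", four, bal, 30, True),   # second in window
    ]
```

The gate evaluates the policy before it looks at the confirmation flag, so a confirmed request that breaks a rule is still refused, and a mis-parsed quantity that would move the whole balance is stopped by the fraction rule regardless of the recipient.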
Different scenarios, different protections
Claw Wallet is not a one-size-fits-all solution. We have designed targeted features for the most active on-chain scenarios for Agents:
DeFi yield automation: Agents move funds across protocols to maximize returns, with risks arising from excessive approvals and contract vulnerabilities. Claw Wallet’s approach: granular risk control + anomaly-triggered halts—agents can only operate within protocols you approve, and activity is immediately paused if behavior deviates.
Perpetual Contracts / Automated Trading: Extremely high security requirements for private keys; losses can occur in seconds upon leakage. Claw Wallet employs isolated key management, ensuring private keys are never stored or transmitted in plaintext, and signatures are completed in a controlled environment.
Cross-chain asset operations: Bridge contracts have consistently been high-risk areas for security incidents. Claw Wallet identifies transaction intent before signing and automatically blocks known malicious contracts and suspicious signature requests.
On-chain micropayments/Agent-to-agent settlement: The risk of high-frequency, small-value transactions lies in "invisible losses"—each amount is small, but they add up over time. Claw Wallet provides real-time monitoring and threshold alerts, triggering immediate notifications for unusual frequency or abnormal fund flows.
It’s time
Over 250,000 active agents operate on-chain every day, moving real funds and generating real revenue. This number is accelerating rapidly.
But growth does not equal maturity. An agent without proper security safeguards isn't helping you create value—it's helping you accumulate risk.
You spent time training it, configuring it, and teaching it how to earn on-chain—now it’s time to give it a truly secure home.
Today, Claw Wallet is officially launched.
Official website installation: https://www.clawwallet.cc
Claw Wallet has established deep partnerships with multiple organizations, including PIN AI, 0G Labs, Haedal, Navi Protocol, and Clawdi, to comprehensively secure on-chain AI Agent operations.
Take your Agent out with Claw Wallet, and travel with peace of mind.
About Claw Wallet
A secure wallet built specifically for AI agents
ClawWallet is a professional Web3 security wallet designed for AI agents, enabling self-custodial multi-chain wallet deployment in just 3 seconds. It ensures secure usage of crypto assets within authorized limits through a policy-driven risk control engine, built specifically for high-risk on-chain agent workflows.
