Verify a decision

{"actor":"system:backfill","investigation_id":"8fba1cf6-a0cd-4354-9881-487443b156e4","kind":"publish","page_slug":"clawd-token-fake-clawdbot-ai-scam","published_at":"2026-06-30T17:31:57.644Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"CLAWD Token (Fake ClawdBot AI Scam)","sections":[{"content":"ClawdBot was an open-source AI assistant created by Peter Steinberger, also known online as @steipete, the founder of PSPDFKit. The project, described informally as 'Claude with hands,' allowed users to control their computers through messaging platforms such as WhatsApp, Telegram, and Discord using Anthropic's Claude models. The project accumulated more than 60,000 GitHub stars and a Discord community of over 8,900 members within weeks of its launch in late 2025. Steinberger has no known connection to any cryptocurrency project and publicly stated on multiple occasions that he has never issued a token and never intends to do so.","heading":"Identity of the Legitimate Project and Founder","severity":"low","sources":[{"credibility":2,"name":"Clawdbot Chaos: A Forced Rebrand, Crypto Scam and 24-Hour Meltdown — Decrypt","type":"news_article","url":"https://decrypt.co/356191/clawdbot-chaos-forced-rebrand-crypto-scam-24-hour-meltdown"},{"credibility":1,"name":"Viral AI Sidekick 'Clawdbot' Changes Name To 'Moltbot' — Forbes","type":"news_article","url":"https://www.forbes.com/sites/ronschmelzer/2026/01/27/viral-ai-sidekick-clawdbot-changes-name-to-moltbot-and-sheds-its-old-skin/"}]},{"content":"On January 27, 2026, Anthropic contacted Peter Steinberger with a trademark request, citing the similarity between the project name 'Clawd' and Anthropic's registered model name 'Claude.' Steinberger acknowledged the request and announced the rebrand from ClawdBot to Moltbot the same day, stating that the name 'Molt' suited the project well. The forced and rapid rebrand created a narrow but exploitable operational gap: simultaneous renaming of the project's GitHub organization and X (formerly Twitter) account required releasing the old handles before the new ones could be secured.","heading":"The Trademark Dispute and Rebrand Trigger","severity":"medium","sources":[{"credibility":2,"name":"Clawdbot Rebrands as Moltbot After Anthropic Trademark Dispute — The Hans India","type":"news_article","url":"https://www.thehansindia.com/technology/tech-news/clawdbot-rebrands-as-moltbot-after-anthropic-trademark-dispute-1043173"},{"credibility":3,"name":"From Clawdbot to Moltbot: How a C&D, Crypto Scammers, and 10 Seconds of Chaos — DEV Community","type":"news_article","url":"https://dev.to/sivarampg/from-clawdbot-to-moltbot-how-a-cd-crypto-scammers-and-10-seconds-of-chaos-took-down-the-4eck"},{"credibility":2,"name":"Clawdbot's rename to Moltbot sparks impersonation campaign — Malwarebytes Threat Intel","type":"news_article","url":"https://www.malwarebytes.com/blog/threat-intel/2026/01/clawdbots-rename-to-moltbot-sparks-impersonation-campaign"}]},{"content":"During the approximately 10-second window between Steinberger releasing the old @clawdbot X handle and securing the new @moltbot handle, unidentified actors seized the abandoned account. The same transition exposed the GitHub organization, which was also captured. Steinberger confirmed the sequence of events: 'It wasn't hacked, I messed up the rename and my old name was snatched in 10 seconds.' The attackers are alleged to have used automated bots to monitor public social media handle release events, a technique that enables near-instantaneous acquisition of high-value usernames the moment they become available. Both the hijacked X account and the GitHub organization were then used to promote the fraudulent $CLAWD token to the project's existing follower base, lending the scam a veneer of legitimacy.","heading":"The Handle-Sniping Exploit","severity":"critical","sources":[{"credibility":2,"name":"Fake 'ClawdBot' AI Token Hits $16M Before 90% Crash — Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/news/fake-clawdbot-ai-token-hits-121840801.html"},{"credibility":2,"name":"ClawdBot Founder Warns of Token Scams After GitHub Hijack — CryptoNews","type":"news_article","url":"https://cryptonews.com/news/clawdbot-founder-denies-token-scam-github-hijack/"},{"credibility":2,"name":"Clawdbot creator Peter Steinberger: 'Crypto folks, stop harassing me' — Protos","type":"news_article","url":"https://protos.com/clawdbot-creator-peter-steinberger-crypto-folks-stop-harassing-me/"}]},{"content":"Within minutes of capturing the hijacked accounts, the unidentified actors launched a Solana-based memecoin using the symbol $CLAWD. The token was promoted through the hijacked @clawdbot X account and associated GitHub presence as though it were an official token release by the ClawdBot project. The token was minted on the Pump.fun launchpad on the Solana blockchain; a contract address confirmed in on-chain data and exchange listings is Hoi9Lo8s2PP7EM9mv9bZjQ3aSB7ijyS238sTqQjbPump. A separate token bearing the same name and ticker also appeared at address ACQCccADAxg3ZGGjb7MuXuLWUmuYtKhEEQ3bqDpvpump, indicating multiple scam tokens may have been created around the same event. The token reached an alleged peak market capitalization of approximately $16 million before Steinberger's public denial triggered a sell-off. Reports indicate the market cap fell to under $800,000 following the denial, representing a decline of approximately 90%. KuCoin's Alpha platform listed the token under the ticker CLAWD, adding exchange-level visibility to an asset that the legitimate founder had explicitly disavowed.","heading":"The $CLAWD Token Launch and Pump-and-Dump","severity":"critical","sources":[{"credibility":2,"name":"Fake 'ClawdBot' AI Token Hits $16M Before 90% Crash — Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/news/fake-clawdbot-ai-token-hits-121840801.html"},{"credibility":3,"name":"The $16 Million Clawdbot Crypto Scam: How Scammers Hijacked a Rebrand in 10 Seconds — ClawdHost Blog","type":"news_article","url":"https://clawdhost.net/blog/clawdbot-16-million-crypto-scam-what-happened/"},{"credibility":2,"name":"clawdbot (CLAWD) token — Solscan on-chain record","type":"on_chain","url":"https://solscan.io/token/Hoi9Lo8s2PP7EM9mv9bZjQ3aSB7ijyS238sTqQjbpump"},{"credibility":2,"name":"KuCoin Alpha Lists clawdbot (CLAWD) Token on Solana Chain","type":"news_article","url":"https://www.kucoin.com/news/flash/kucoin-alpha-lists-clawdbot-clawd-token-on-solana-chain"},{"credibility":2,"name":"clawd / clawdbot — DEX Screener","type":"on_chain","url":"https://dexscreener.com/solana/a57fy21eadutzxs9e6ks6knbmy8tnhz5fkbmg3oef1te"}]},{"content":"Peter Steinberger issued a public denial through verified channels on January 27, 2026, stating: 'I will never do a coin. Any project that lists me as coin owner is a SCAM.' He also asked that crypto community members cease harassing him and acknowledged he had no connection to any token. Steinberger confirmed that the X and GitHub accounts had been captured during the rename, and he denied any financial benefit or prior knowledge of the token launch. He also stated he would not accept any fees or commissions related to crypto projects. His public denial is documented across multiple independent news outlets including Decrypt, Protos, CryptoPotato, and Yahoo Finance.","heading":"Founder Denial and Public Warning","severity":"high","sources":[{"credibility":2,"name":"Clawdbot creator Peter Steinberger: 'Crypto folks, stop harassing me' — Protos","type":"news_article","url":"https://protos.com/clawdbot-creator-peter-steinberger-crypto-folks-stop-harassing-me/"},{"credibility":2,"name":"Moltbot Founder Denies Token Launch and Warns of Crypto Scams — CoinFomania","type":"news_article","url":"https://coinfomania.com/moltbot-founder-denies-token-launch-and-warns-of-crypto-scams/"},{"credibility":2,"name":"ClawdBot Founder Denies Tokens, Warns Against Crypto Scams — Altcoin Buzz","type":"news_article","url":"https://www.altcoinbuzz.io/cryptocurrency-news/clawdbot-founder-denies-tokens-warns-against-crypto-scams/"},{"credibility":2,"name":"Clawdbot Chaos: A Forced Rebrand, Crypto Scam and 24-Hour Meltdown — Decrypt","type":"news_article","url":"https://decrypt.co/356191/clawdbot-chaos-forced-rebrand-crypto-scam-24-hour-meltdown"}]},{"content":"Retail traders who purchased the $CLAWD token near its peak market capitalization of approximately $16 million experienced severe losses when the token declined by roughly 90%. Reports estimate total value destroyed at approximately $14 million, with thousands of wallets participating during the surge period. A subset of affected traders directed harassment at Steinberger, falsely attributing their losses to his public denial rather than to the underlying fraud. Some demanded he 'take responsibility' and pressed him to endorse or support the token retroactively. Steinberger explicitly rejected these demands. No compensation or recovery mechanism exists for affected token holders. Funds extracted by the scammers are considered unrecoverable given the pseudonymous nature of on-chain transactions.","heading":"Investor Losses and Community Backlash","severity":"high","sources":[{"credibility":3,"name":"ClawdBot Fake AI Token Soars to $16M Before 90% Crash — Meyka","type":"news_article","url":"https://meyka.com/blog/clawdbot-fake-ai-token-soars-to-16m-before-90-crash-2601/"},{"credibility":2,"name":"Moltbot Founder Warns of Fake CLAWD Meme Coin Scams — CryptoPotato","type":"news_article","url":"https://cryptopotato.com/moltbot-founder-warns-of-fake-clawd-meme-coin-scams/"},{"credibility":2,"name":"Fake CLAWD Meme Coins on Solana Are Scams, Warns Founder — MEXC News","type":"news_article","url":"https://www.mexc.com/news/579025"}]},{"content":"Following the initial token scam, Malwarebytes documented a broader impersonation campaign that emerged in the wake of the rename. Typosquat domains and cloned GitHub repositories appeared mimicking the legitimate OpenClaw project (the name ClawdBot adopted after Moltbot). The hijacked GitHub organization was used to host fraudulent content, and some impersonation infrastructure falsely used Steinberger's real GitHub profile and X handle in schema.org metadata to lend credibility. Security researchers also identified a supply chain attack dubbed ClawHavoc targeting OpenClaw's skills marketplace, in which over 1,184 malicious skills were submitted across 13 developer accounts, containing trojans, cryptominers, and AMOS stealer payloads. While these attacks are related to the same underlying project exploitation pattern, they represent a separate and ongoing threat distinct from the $CLAWD token pump-and-dump.","heading":"Secondary Impersonation Campaign and Supply Chain Risks","severity":"high","sources":[{"credibility":2,"name":"Clawdbot's rename to Moltbot sparks impersonation campaign — Malwarebytes Threat Intel","type":"news_article","url":"https://www.malwarebytes.com/blog/threat-intel/2026/01/clawdbots-rename-to-moltbot-sparks-impersonation-campaign"},{"credibility":2,"name":"Massive OpenClaw supply chain attack floods OpenClaw with malicious skills — SC Media","type":"news_article","url":"https://www.scworld.com/brief/massive-openclaw-supply-chain-attack-floods-openclaw-with-malicious-skills"},{"credibility":2,"name":"OpenClaw's Crypto Nightmare Just Got Worse — BeInCrypto","type":"news_article","url":"https://beincrypto.com/openclaw-creator-warns-of-crypto-phishing-wave/"},{"credibility":1,"name":"OpenClaw's Skill Marketplace and the Emerging AI Supply Chain Threat — Palo Alto Unit 42","type":"research","url":"https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/"}]},{"content":"Separate from the token scam, security researchers identified serious vulnerabilities in deployed ClawdBot instances that contributed to the broader risk environment around the project at the time of the scam. SlowMist, a blockchain security firm, confirmed risks including credential theft and remote code execution. Researchers found over 780 publicly exposed ClawdBot instances discoverable through Shodan, many with unauthenticated access. An authentication system was found to automatically approve localhost connections, and reverse proxy misconfigurations allowed external access. Prompt injection attacks were demonstrated that could steal private messages in under five minutes. These vulnerabilities affected users of the legitimate software, not the fake token, but are relevant context for evaluating the overall threat landscape around this entity.","heading":"Underlying Security Vulnerabilities in the Legitimate Project","severity":"high","sources":[{"credibility":2,"name":"Clawdbot Chaos: A Forced Rebrand, Crypto Scam and 24-Hour Meltdown — Decrypt","type":"news_article","url":"https://decrypt.co/356191/clawdbot-chaos-forced-rebrand-crypto-scam-24-hour-meltdown"},{"credibility":2,"name":"OpenClaw Security: Risks of Exposed AI Agents Explained — Bitsight","type":"research","url":"https://www.bitsight.com/blog/openclaw-ai-security-risks-exposed-instances"},{"credibility":1,"name":"Technical Advisory: OpenClaw Exploitation in Enterprise Networks — Bitdefender","type":"research","url":"https://businessinsights.bitdefender.com/technical-advisory-openclaw-exploitation-enterprise-networks"}]},{"content":"The mechanism by which scammers captured the @clawdbot X handle and GitHub organization represents a documented and replicable attack pattern. Attackers are alleged to have deployed automated monitoring bots that watch for high-value social media handles to become available and claim them within seconds of release. This technique, sometimes called handle sniping or username sniping, exploits a systemic gap in major platforms' handle reservation processes: there is no atomic transfer mechanism that guarantees a project can release one name and immediately secure another without a vulnerability window. Analysts and security researchers have noted this as a novel vector for launching impersonation-based financial fraud against high-visibility technology projects undergoing rebrands. The ClawdBot incident is among the most publicly documented examples of this technique being used to launch a cryptocurrency scam.","heading":"Novel Exploit Vector: Identity Sniping During Handle Transitions","severity":"medium","sources":[{"credibility":3,"name":"The $16 Million Clawdbot Crypto Scam: How Scammers Hijacked a Rebrand in 10 Seconds — ClawdHost Blog","type":"news_article","url":"https://clawdhost.net/blog/clawdbot-16-million-crypto-scam-what-happened/"},{"credibility":3,"name":"From Clawdbot to Moltbot: How a C&D, Crypto Scammers, and 10 Seconds of Chaos — DEV Community","type":"news_article","url":"https://dev.to/sivarampg/from-clawdbot-to-moltbot-how-a-cd-crypto-scammers-and-10-seconds-of-chaos-took-down-the-4eck"},{"credibility":2,"name":"Clawdbot's rename to Moltbot sparks impersonation campaign — Malwarebytes Threat Intel","type":"news_article","url":"https://www.malwarebytes.com/blog/threat-intel/2026/01/clawdbots-rename-to-moltbot-sparks-impersonation-campaign"}]},{"content":"As of the date of this investigation, no attacker has been publicly identified. Law enforcement action has not been publicly reported. Given that the token was launched on the Solana blockchain using pseudonymous wallets via the Pump.fun launchpad, and that the primary instruments of impersonation were social media accounts captured through automated tooling, attribution is difficult without platform-level cooperation from X and GitHub. No regulatory body has issued a public statement specifically concerning the $CLAWD token scam. Funds extracted through the pump-and-dump are generally considered unrecoverable absent law enforcement seizure.","heading":"Attacker Identity and Legal Status","severity":"high","sources":[{"credibility":3,"name":"The $16 Million Clawdbot Crypto Scam: How Scammers Hijacked a Rebrand in 10 Seconds — ClawdHost Blog","type":"news_article","url":"https://clawdhost.net/blog/clawdbot-16-million-crypto-scam-what-happened/"},{"credibility":2,"name":"Moltbot Founder Warns of Fake CLAWD Meme Coin Scams — CryptoPotato","type":"news_article","url":"https://cryptopotato.com/moltbot-founder-warns-of-fake-clawd-meme-coin-scams/"}]}],"sources_used":[{"credibility":2,"name":"Fake 'ClawdBot' AI Token Hits $16M Before 90% Crash — Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/news/fake-clawdbot-ai-token-hits-121840801.html"},{"credibility":2,"name":"Clawdbot Chaos: A Forced Rebrand, Crypto Scam and 24-Hour Meltdown — Decrypt","type":"news_article","url":"https://decrypt.co/356191/clawdbot-chaos-forced-rebrand-crypto-scam-24-hour-meltdown"},{"credibility":3,"name":"The $16 Million Clawdbot Crypto Scam: How Scammers Hijacked a Rebrand in 10 Seconds — ClawdHost Blog","type":"news_article","url":"https://clawdhost.net/blog/clawdbot-16-million-crypto-scam-what-happened/"},{"credibility":2,"name":"Fake ClawdBot AI Token Hits $16M Before 90% Crash — CryptoRank","type":"news_article","url":"https://cryptorank.io/news/feed/0d835-clawdbot-founder-denies-token-scam-github-hijack"},{"credibility":3,"name":"ClawdBot Fake AI Token Soars to $16M Before 90% Crash — Meyka","type":"news_article","url":"https://meyka.com/blog/clawdbot-fake-ai-token-soars-to-16m-before-90-crash-2601/"},{"credibility":2,"name":"Moltbot Founder Warns of Fake CLAWD Meme Coin Scams — CryptoPotato","type":"news_article","url":"https://cryptopotato.com/moltbot-founder-warns-of-fake-clawd-meme-coin-scams/"},{"credibility":2,"name":"Fake CLAWD Meme Coins on Solana Are Scams, Warns Founder — MEXC News","type":"news_article","url":"https://www.mexc.com/news/579025"},{"credibility":2,"name":"Clawdbot's rename to Moltbot sparks impersonation campaign — Malwarebytes Threat Intel","type":"news_article","url":"https://www.malwarebytes.com/blog/threat-intel/2026/01/clawdbots-rename-to-moltbot-sparks-impersonation-campaign"},{"credibility":2,"name":"Moltbot Founder Denies Token Launch and Warns of Crypto Scams — CoinFomania","type":"news_article","url":"https://coinfomania.com/moltbot-founder-denies-token-launch-and-warns-of-crypto-scams/"},{"credibility":2,"name":"ClawdBot Founder Warns of Token Scams After GitHub Hijack — CryptoNews","type":"news_article","url":"https://cryptonews.com/news/clawdbot-founder-denies-token-scam-github-hijack/"},{"credibility":2,"name":"ClawdBot Founder Denies Tokens, Warns Against Crypto Scams — Altcoin Buzz","type":"news_article","url":"https://www.altcoinbuzz.io/cryptocurrency-news/clawdbot-founder-denies-tokens-warns-against-crypto-scams/"},{"credibility":2,"name":"Clawdbot creator Peter Steinberger: 'Crypto folks, stop harassing me' — Protos","type":"news_article","url":"https://protos.com/clawdbot-creator-peter-steinberger-crypto-folks-stop-harassing-me/"},{"credibility":1,"name":"Viral AI Sidekick 'Clawdbot' Changes Name To 'Moltbot' — Forbes","type":"news_article","url":"https://www.forbes.com/sites/ronschmelzer/2026/01/27/viral-ai-sidekick-clawdbot-changes-name-to-moltbot-and-sheds-its-old-skin/"},{"credibility":1,"name":"Moltbot Gets Another New Name, OpenClaw — Forbes","type":"news_article","url":"https://www.forbes.com/sites/ronschmelzer/2026/01/30/moltbot-molts-again-and-becomes-openclaw-pushback-and-concerns-grow/"},{"credibility":3,"name":"From Clawdbot to Moltbot: How a C&D, Crypto Scammers, and 10 Seconds of Chaos — DEV Community","type":"news_article","url":"https://dev.to/sivarampg/from-clawdbot-to-moltbot-how-a-cd-crypto-scammers-and-10-seconds-of-chaos-took-down-the-4eck"},{"credibility":2,"name":"clawdbot (CLAWD) token — Solscan on-chain record","type":"on_chain","url":"https://solscan.io/token/Hoi9Lo8s2PP7EM9mv9bZjQ3aSB7ijyS238sTqQjbpump"},{"credibility":2,"name":"clawd / clawdbot — DEX Screener","type":"on_chain","url":"https://dexscreener.com/solana/a57fy21eadutzxs9e6ks6knbmy8tnhz5fkbmg3oef1te"},{"credibility":2,"name":"KuCoin Alpha Lists clawdbot (CLAWD) Token on Solana Chain","type":"news_article","url":"https://www.kucoin.com/news/flash/kucoin-alpha-lists-clawdbot-clawd-token-on-solana-chain"},{"credibility":1,"name":"OpenClaw's Skill Marketplace and the Emerging AI Supply Chain Threat — Palo Alto Unit 42","type":"research","url":"https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/"},{"credibility":2,"name":"Massive OpenClaw supply chain attack floods OpenClaw with malicious skills — SC Media","type":"news_article","url":"https://www.scworld.com/brief/massive-openclaw-supply-chain-attack-floods-openclaw-with-malicious-skills"},{"credibility":2,"name":"OpenClaw Security: Risks of Exposed AI Agents Explained — Bitsight","type":"research","url":"https://www.bitsight.com/blog/openclaw-ai-security-risks-exposed-instances"},{"credibility":1,"name":"Technical Advisory: OpenClaw Exploitation in Enterprise Networks — Bitdefender","type":"research","url":"https://businessinsights.bitdefender.com/technical-advisory-openclaw-exploitation-enterprise-networks"},{"credibility":2,"name":"OpenClaw's Crypto Nightmare Just Got Worse — BeInCrypto","type":"news_article","url":"https://beincrypto.com/openclaw-creator-warns-of-crypto-phishing-wave/"},{"credibility":3,"name":"OpenClaw (Clawdbot / Moltbot): When the AI With Hands Becomes a Digital Minefield — Medium / RONIN OWL CTI","type":"research","url":"https://medium.com/@scottbolen/openclaw-clawdbot-moltbot-when-the-ai-with-hands-becomes-a-digital-minefield-cti-deep-dive-720e9739320e"}],"summary":"The $CLAWD token is a fraudulent Solana memecoin launched in January 2026 by unidentified actors who exploited a roughly 10-second window during the ClawdBot-to-Moltbot brand rename to seize the project's X handle and GitHub organization. Presenting the token as an official launch by the viral open-source AI project, the scammers drove the market cap to approximately $16 million before founder Peter Steinberger publicly denied any involvement and the token collapsed by roughly 90%. No attacker has been publicly identified and investor losses are considered unrecoverable.","timeline":[{"date":"2025-12-01","event":"Peter Steinberger launches ClawdBot, an open-source AI assistant that allows users to control their computers through messaging platforms. Approximate launch date; project gains rapid traction.","source":"Decrypt","source_url":"https://decrypt.co/356191/clawdbot-chaos-forced-rebrand-crypto-scam-24-hour-meltdown"},{"date":"2026-01-26","event":"ClawdBot reaches approximately 9,000 GitHub stars within 24 hours, attracting widespread media and community attention.","source":"DEV Community","source_url":"https://dev.to/sivarampg/from-clawdbot-to-moltbot-how-a-cd-crypto-scammers-and-10-seconds-of-chaos-took-down-the-4eck"},{"date":"2026-01-27","event":"Anthropic issues a trademark request to Peter Steinberger, citing the similarity between 'Clawd' and 'Claude.' Steinberger begins the rename process to Moltbot.","source":"Forbes","source_url":"https://www.forbes.com/sites/ronschmelzer/2026/01/27/viral-ai-sidekick-clawdbot-changes-name-to-moltbot-and-sheds-its-old-skin/"},{"date":"2026-01-27","event":"During the approximately 10-second window between releasing the @clawdbot X handle and securing @moltbot, unidentified scammers seize the old X account and GitHub organization.","source":"Decrypt","source_url":"https://decrypt.co/356191/clawdbot-chaos-forced-rebrand-crypto-scam-24-hour-meltdown"},{"date":"2026-01-27","event":"Fraudulent $CLAWD token launched on Solana (Pump.fun launchpad, contract address Hoi9Lo8s2PP7EM9mv9bZjQ3aSB7ijyS238sTqQjbPump). Promoted via the hijacked @clawdbot X account and GitHub organization as an official token launch.","source":"Yahoo Finance / CryptoNews","source_url":"https://finance.yahoo.com/news/fake-clawdbot-ai-token-hits-121840801.html"},{"date":"2026-01-27","event":"Peter Steinberger publicly denies any involvement with the $CLAWD token, stating: 'I will never do a coin. Any project that lists me as coin owner is a SCAM.'","source":"Protos","source_url":"https://protos.com/clawdbot-creator-peter-steinberger-crypto-folks-stop-harassing-me/"},{"date":"2026-01-27","event":"$CLAWD token peaks at approximately $16 million market capitalization before Steinberger's denial triggers a sell-off. Market cap falls to under $800,000, a decline of approximately 90%.","source":"Yahoo Finance","source_url":"https://finance.yahoo.com/news/fake-clawdbot-ai-token-hits-121840801.html"},{"date":"2026-01-28","event":"Affected token holders direct harassment at Steinberger. Malwarebytes begins documenting a broader impersonation campaign including typosquat domains and cloned GitHub repositories.","source":"Malwarebytes Threat Intel","source_url":"https://www.malwarebytes.com/blog/threat-intel/2026/01/clawdbots-rename-to-moltbot-sparks-impersonation-campaign"},{"date":"2026-01-29","event":"Security researchers from SlowMist, Dvuln, and others publicly document critical vulnerabilities in deployed ClawdBot instances, including remote code execution and credential exposure.","source":"Decrypt","source_url":"https://decrypt.co/356191/clawdbot-chaos-forced-rebrand-crypto-scam-24-hour-meltdown"},{"date":"2026-01-30","event":"Project renamed again from Moltbot to OpenClaw. Scams and supply chain attacks against the project's user base continue under the new branding.","source":"Forbes","source_url":"https://www.forbes.com/sites/ronschmelzer/2026/01/30/moltbot-molts-again-and-becomes-openclaw-pushback-and-concerns-grow/"},{"date":"2026-02-01","event":"Palo Alto Unit 42 and SC Media report on ClawHavoc, a supply chain poisoning campaign targeting OpenClaw's skills marketplace with over 1,184 malicious skills across 13 developer accounts.","source":"Palo Alto Unit 42","source_url":"https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/"}]},"v":1}