Gate News message. On March 31, the SlowMist security team issued an alert. As of March 31, 2026, public intelligence shows that axios@1.14.1 and axios@0.30.4 have both been confirmed as malicious versions. Both have been implanted with an additional dependency, plain-crypto-js@4.2.1. This dependency can deliver cross-platform malicious payloads via a postinstall script.
The impact of this incident on OpenClaw needs to be judged by scenario: 1) In the source build scenario, there is no impact. In v2026.3.28, the lock file actually locks axios@1.13.5 / 1.13.6, which does not match the malicious versions; 2) In the scenario of running npm install -g openclaw@2026.3.28, there is a risk of historical exposure. The reason is that the dependency chain includes openclaw -> @line/bot-sdk@10.6.0 -> optionalDependencies.axios@^1.7.4. Within the time window when the malicious versions are still online, it may resolve to axios@1.14.1; 3) The current reinstallation results show that npm has rolled back resolution to axios@1.14.0. However, for environments where installation occurred within the attack window, it is still recommended to treat it as an affected scenario and investigate IoC.
SlowMist advises that if a plain-crypto-js directory is found, even if its package.json has been cleaned up, it should be treated as a high-risk execution artifact. For hosts that ran npm install or npm install -g openclaw@2026.3.28 within the attack window, it is recommended to immediately rotate credentials and conduct host-side investigation.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Crypto Whale Sues Coinbase Over $55M Stolen DAI
An anonymous crypto whale identified as "D.B." filed a lawsuit on Monday against Coinbase and an alleged thief, alleging the exchange improperly refused to return frozen funds tied to a 2024 crypto theft worth approximately $55 million in DAI, according to the lawsuit filing reviewed by The
CryptoFrontier19m ago
Bitcoin Core discloses bug that could let miners crash nodes
Bitcoin Core developers disclosed a high-severity bug that could allow miners to remotely crash some Bitcoin nodes.
Summary
Bitcoin Core disclosed CVE-2024-52911, affecting versions before 29.0, with older nodes still exposed online.
Miners needed costly proof-of-work blocks to trigger
Cryptonews2h ago
North Korea Terror Attack Verdict Holder Escalates Dispute for Control of $71 million in Aave Frozen Assets: Cites Anti-Terrorism Insurance Law
North Korea terror attack case escalates: $71 million in Aave frozen assets enter a third round. The plaintiffs now invoke the TRIA statute to claim that ETH is North Korea’s state property, stressing fraud rather than theft to get around the thief-not-possessor-of-stolen-goods defense, while also challenging Aave’s standing and governance status. DeFi United has raised more than $328 million, with sufficient funding to compensate affected users. The case could become a key precedent for DeFi legal principles and DAO governance.
ChainNewsAbmedia3h ago
Crypto whale sues Coinbase, accusing it of freezing stolen DAI and then refusing to return it
According to The Block on May 6, an anonymous crypto whale who filed a lawsuit under the pseudonym “DB” sued Coinbase and the accused thief “John Doe” on Monday, accusing Coinbase of refusing to return frozen DAI funds related to a 2024 crypto theft case even after it provided sworn affidavit proof that it is the legitimate owner.
MarketWhisper5h ago
North Korea Terror Victims File Motion to Seize $71M From Aave Hack, Reframe as Fraud
Attorneys for victims of three North Korea terrorism cases filed a 30-page response on Tuesday, reframing the April 18 Aave hack as fraud rather than theft. The distinction carries legal significance: characterizing the incident as fraud could grant the attackers legal title to the borrowed
GateNews5h ago
