BitsLab

⚠️ Attention OpenClaw Builders & Developers! A sophisticated phishing scam is targeting our community via GitHub. According to a security news by Coindesk, scammers are using fake $CLAW airdrops to drain wallets. 🛡️ Here is our breakdown of the attack and how to stay safe: 🚩 The Hook: It starts with a GitHub tag, issue, or discussion notification. You’ll be told you’ve been “selected” for an exclusive $CLAW airdrop or contributor allocation. 🔗 The Trap: They lead you to a high-quality spoofed website. These sites are designed to trick you into signing malicious transactions, revealing private keys, or downloading malware. 🚨 Red Flags: Be highly suspicious of any message about “airdrops,” “rewards,” or “allocations,” especially if it creates urgency. Scammers often use this kind of language to pressure people into acting before they verify. ⚠️ ✅ Stay Safe: Never connect your wallet to unverified links. Always cross-check via official OpenClaw documentation and verified social channels. Don't let your hard work be stolen. Read the full details of this ongoing attack here: coindesk.com/tech/2026/03/1… #OpenClaw #Web3Security #GitHub #PhishingAlert #CryptoSafety

Excited to have our Co-founder @0xyilu join this Space! He’ll be diving deep into how we’re integrating threat intelligence to build a more secure future for onchain agents. Don’t miss out! 🛡️

We are thrilled to co-host the OpenClaw SV Builder Meetup in Palo Alto! 🚀 📅 Mar 24 | 5-8 PM 📍 Palo Alto, CA 🔗 Register: luma.com/ocgm1 The era of Agentic AI + One-Person Companies (OPC) is here. Join us to see how developers are scaling autonomous systems from tools into full companies. Let’s build the decentralized future of agents together. @OnePieceLabs #OpenClaw #AI #Web3 #OpenClaw #OPC

🤖 OpenClaw SV Builder Meetup – Palo Alto 🚀 AI Agents are evolving FAST → from tools → operators → full products → even companies. We’re entering the era of Agentic AI + One-Person Companies (OPC) 🧑‍🚀 📅 Mar 24 🕔 5–8 PM (PDT) 📍 Palo Alto 🔗 luma.com/ocgm1

OpenClaw Silicon Valley Builder Meetup 🦞 As #AIAgent evolves from tools into autonomous production units, the singularity of #Web4.0 is approaching. Individuals can now leverage intelligent systems to enter the era of one-person companies (#OPC). This #Meetup will bring together local #Builders in Silicon Valley and leading practitioners from the Asia-Pacific region. The session will focus on OpenClaw’s real-world implementation and #AgenticAI applications, featuring closed-door discussions and insights from different markets. 🤝 Co-hosted by: @OnePieceLabs, @iPolloClaw, @MetaEraCN, Cadence Kapital, Haven 📅 Time: March 24, 2026 | 5:00–8:00 PM (PDT) 📍 Location: Palo Alto, CA 🔗 Limited seats available — register now: me.news/events/535

BitsLab 🤝 Superpower Agents just got their first onchain security skill. We're partnering with @0xbitslab to make onchain safer for agents. - Genesis security skill: purpose-built to protect agents onchain - Threat intelligence: skills on Superpower are scanned before they go live - Safer for agents: security as a native layer, not an afterthought Your agent doesn't just operate onchain. It operates onchain safely.

Excited to partner with @superpowerdotio to bring stronger onchain security to AI agents 🤝 At BitsLab, we believe security should be built into the infrastructure, not added later. Looking forward to making the onchain agent ecosystem safer together. 🔒

When an AI moves from "chatbot" to "operator" with shell access and network permissions, the stakes change. Key Takeaways of this article: 🛡️ Three-Layer Security: Combining Human oversight, AI self-audit, and Deterministic scripts. 🧠 Cognitive Awakening: A built-in CoT mechanism that turns your Agent into its own Security Auditor. 🚫 Zero-Trust execution: Hard-interception of malicious commands like reverse shells and unauthorised data exfiltration. 📦 Containerised Safety: Why Docker and non-root users are non-negotiable for AI deployment. Don't let a single prompt injection compromise your entire system. Level up your AI security game now! Read the article 👇

@Enclave_ZK 🛡️

Enclave has successfully completed a code security audit conducted by BitsLab ✅🔍 This audit covered core contracts and critical logic, further validating the security and stability of the protocol at both the architectural and implementation levels 🔐 Security remains the foremost priority in privacy-focused financial infrastructure. #Enclave #SecurityAudit #BitsLab #Web3 #PrivacyFinance

Is your AI Agent an assistant or a security liability? 🤖🛡️ When AI gains shell execution and network permissions, it's no longer just a "chatbot"—it's an operator. We’ve released the Nanobot User Security Practice Guide to help you build a three-layer defence. Read our latest deep dive: 🔗 movebit.xyz/blog/post/Bits… #BitsLab #AISecurity #CyberSecurity #Web3 #Nanobot #AI #ZeroTrust

BitsLab team identified several security issues in Nanobot (@nanobot_hku), which is a very popular personal AI assistant framework. This issue, discovered by @wased52365497, might be the first publicly acknowledged critical security issue! Thank you so much for the quick response and credit from the team @xubinrencs! We will dive into more personal AI assistant frameworks and help improve their security.

What an incredible energy at the Decentralized AI Builders Meetup in SF! 🌉 😊 A huge thank you to everyone who joined us at the AWS Builder Loft to explore the future of AI Security, Autonomous Systems, and AI as an Economic Actor. The insights shared by our builders and the community were truly next-level. Shoutout to our amazing partners and speakers for making this a sold-out success! The decentralized AI revolution is just getting started. 🌐 See you at the next one! #BitsLab #DecentralizedAI #Web3AI #SanFrancisco #AI #Blockchain #AutonomousAgents #AWSBuilderLoft #TechMeetup #SFEvents #InnovatorCoffeePodcast @AEON_Community @CipherOwl @LangrenusFund @TechTrendsWeb3 @Virgo_Global @WalletV_io @OnePieceLabs @pinai_io @Nevermined_ai @namefi_io @D3ServeLabs

6/ For Web3 users, always remember to periodically revoke or clear allowances. For daily interactions, try to use limited allowances as much as possible.

5/ A key takeaway for developers: permission checks must never rely on fixed calldata offsets. Dynamic parameters must be decoded dynamically according to their actual offsets.

UniswapV4Router04 Exploit Analysis On March 3, 2026, the swap(bytes,uint256) function of #UniswapV4Router04 on ETH was exploited. By bypassing authorisation checks, the attacker transferred 42,606.96 USDC from authorised addresses and swapped it for approximately 21.198 ETH (~$42,607). Attack tx: etherscan.io/tx/0xfe34c4bee… This attack does not require the victim's private key. It only requires that the victim has previously granted a high or infinite USDC allowance to this Router. Detailed principle analysis below 👇