MoveBit

"split('|') was added for Telegram compatibility." That single line — promoted into the base Channel class — is now CVE-2026-31977. One `|` in a sender address bypasses nanobot's allowlist entirely. BitsLab's first nanobot disclosure. Full write-up ↓

🌍 New Partnership: Claw Wallet × TagAI We are excited to announce our collaboration with TagAI @TagAIDAO! By integrating Claw Wallet’s secure, AI-native infrastructure with TagAI's social prediction-driven community layer, we are setting a new standard for the AI Agent ecosystem. Together, we’re making on-chain AI interactions more seamless, secure, and social. 🛡️ Proudly building the future of AI Agents together on @BNBCHAIN ! 🟡 #ClawWallet #TagAI #Web3AI #AIAgents #Crypto #TagClaw #BNBChain #BuildOnBNB

🎉 We’re excited to share that MoveBit will be presenting today at the Web3 Scholars Conference 2026 in Hong Kong. web3scholar.org Our presentation: “Beyond Guesswork: LLM Driven Semantic Distillation to Fuzz and Exploit Smart Contracts” 🏆 Presenting on site today: Ziqiao Kong and Wanxu Xia Authors: Ziqiao Kong (Nanyang Technological University) Wanxu Xia (Beihang University) Borui Li (Jilin University) Yi Lu (MoveBit) Pan Li (BitsLab) Yang Liu (Nanyang Technological University) Proud to contribute to smart contract security research at the intersection of LLMs, fuzzing, DeFi semantics, and vulnerability discovery. See you at #Web3Scholars2026 in Hong Kong. @DRK_Lab #MoveBit #BitsLab #SmartContractSecurity #BlockchainSecurity #DeFiSecurity #Web3

Static code audits cannot catch attacks that use legitimate entry points. The Volo incident wasn't a contract bug — it was a privilege design flaw. When a single Keeper holds both `OperatorCap` and oracle submission rights, the loss_tolerance check becomes a self-validating loop the moment that key is compromised. Move's type system protects you from many things. It does not protect you from trusting the wrong signer.

🚨 Incident Analysis: Volo Protocol (Sui) Vault Exploit On 2026-04-21, Volo Protocol on Sui suffered a vault theft resulting in ~$3.27M in direct losses, plus ~$230K in LP share-ratio collapse — combined impact of ~$3.5M. BitsLab's post-incident analysis below. 👇

$292M vanished in a single transaction. Not from a complex zero-day. Not from a reentrancy bug. From one number set wrong in a config file. Here's what happened to Kelp DAO's rsETH bridge — and why it matters for every cross-chain protocol.

DVN misconfiguration is the new "approve unlimited allowance." It looks harmless in code review. It's catastrophic in production. 1-of-1 DVN on a $292M bridge path — this is exactly the class of architectural risk our audits flag before it ships, not after. Read the full breakdown by @0xbitslab

对 tagclaw的产品一直很 respect！ tagclaw 在 agent 社交分发和 agent swam 上面走在行业前沿，@0xNought 一直是DAO社区的OG，现在在探索 agent 自治世界，很高兴 tagclaw在用 claw wallet 底层沙箱管理私钥分片和安全风控。

Claw Wallet 🤝 TagClaw We are excited to announce our collaboration with TagClaw @TagClaw! 🦀 TagClaw is an on-chain Social & Collaborative Network for AI Agents. By integrating TagClaw’s skills into Claw Wallet, we are setting a new standard for the AI Agent ecosystem—enabling smarter coordination and modular capabilities for digital entities. 🔥We are honoured to be building this future together on BNB Chain @BNBCHAIN. Let’s push the boundaries of decentralised AI! #BNBChain #Crypto #AI #AIAgents #TagClaw #ClawWallet #TagAI

🤝 Claw Wallet x GoPlus Security Safeguarding the Future of the AI Agent Economy We are proud to announce a strategic partnership with @GoPlusSecurity, marking a pivotal milestone in building the foundational security layer for the #AIAgent era. 🌐 Redefining the Agent Infrastructure: 🔹 SafuSkill Integration: Revolutionising how AI capabilities are valued by turning "Skills" into tokenised on-chain assets with sustainable revenue streams for creators. 🔹 AgentGuard Protection: Deploying industry-leading security intelligence to provide real-time scanning and risk visualisation for every autonomous interaction. Together, we aren't just building a wallet—we are securing the next evolution of decentralised intelligence. 🛡️ #Web3 #ArtificialIntelligence #AI #CryptoSecurity #FutureTech #ClawWallet #GoPlus

🔒 Bitcoin Depot Security Incident Analysis On March 23, 2026, Bitcoin Depot @Bitcoin_Depot suffered a cyberattack that resulted in the theft of 50.903 BTC (~$3.665M) from its digital asset settlement accounts. The incident was disclosed via SEC 8-K filing on April 8. Our team at BitsLab has completed a full breakdown 👇

Today, Claw Wallet is live 🎉 Install now → clawwallet.cc 2026 — the year of Agentic Finance. Also, the year Agents dumped $250K due to a "misunderstanding" and were tricked into draining their own wallets. 250,000+ Agents on-chain. $52B market. Most of them? Swimming naked. We built #ClawWallet to end that — Claw Wallet Launches to Shield On-Chain Assets for AI Agents 🔐 Key sharding — no single point of compromise 🛡️ Policy-layer risk control that reads Agent behaviour before signing ⚡ One-click setup, auto mode, SDK for advanced ops 🚫 Malicious contracts blocked by default Your Agent runs fast. Your keys stay in YOUR hands. You spent the time building your Agent. Now give it a secure home. Install now → clawwallet.cc

@PawtatoFinance We are pleased to have completed the comprehensive security audit for @PawtatoFinance 🔐 At MoveBit, we remain committed to upholding the highest security standards to ensure the safety and integrity of the Sui ecosystem.

𝗣𝗮𝘄𝘁𝗮𝘁𝗼 𝗟𝗮𝗻𝗱 𝗔𝘂𝗱𝗶𝘁 𝗖𝗼𝗺𝗽𝗹𝗲𝘁𝗶𝗼𝗻 ✅ We mark a major step as our smart contracts have successfully passed a comprehensive audit by @MoveBit_ This reflects our commitment to building a gaming ecosystem where trust, transparency, and protection come first. Through rigorous review and reinforcement of our systems, we’re ensuring that your Pawtato Lands and Heroes assets remain exactly where they belong - in your hands. As we continue to grow, so does our responsibility to you. It is our duty to meet higher security standards and build a stronger foundation where our community can play, build, and grow with confidence, knowing that what they earn, own, and create is protected every step of the way. 🌱

⚠️ Attention OpenClaw Builders & Developers! A sophisticated phishing scam is targeting our community via GitHub. According to a security news by Coindesk, scammers are using fake $CLAW airdrops to drain wallets. 🛡️ Here is our breakdown of the attack and how to stay safe: 🚩 The Hook: It starts with a GitHub tag, issue, or discussion notification. You’ll be told you’ve been “selected” for an exclusive $CLAW airdrop or contributor allocation. 🔗 The Trap: They lead you to a high-quality spoofed website. These sites are designed to trick you into signing malicious transactions, revealing private keys, or downloading malware. 🚨 Red Flags: Be highly suspicious of any message about “airdrops,” “rewards,” or “allocations,” especially if it creates urgency. Scammers often use this kind of language to pressure people into acting before they verify. ⚠️ ✅ Stay Safe: Never connect your wallet to unverified links. Always cross-check via official OpenClaw documentation and verified social channels. Don't let your hard work be stolen. Read the full details of this ongoing attack here: coindesk.com/tech/2026/03/1… #OpenClaw #Web3Security #GitHub #PhishingAlert #CryptoSafety

Is your AI Agent an assistant or a security liability? 🤖🛡️ When AI gains shell execution and network permissions, it's no longer just a "chatbot"—it's an operator. We’ve released the Nanobot User Security Practice Guide to help you build a three-layer defence. Read our latest deep dive: 🔗 movebit.xyz/blog/post/Bits… #BitsLab #AISecurity #CyberSecurity #Web3 #Nanobot #AI #ZeroTrust

UniswapV4Router04 Exploit Analysis On March 3, 2026, the swap(bytes,uint256) function of #UniswapV4Router04 on ETH was exploited. By bypassing authorisation checks, the attacker transferred 42,606.96 USDC from authorised addresses and swapped it for approximately 21.198 ETH (~$42,607). Attack tx: etherscan.io/tx/0xfe34c4bee… This attack does not require the victim's private key. It only requires that the victim has previously granted a high or infinite USDC allowance to this Router. Detailed principle analysis below 👇