Overview
In late January 2026, a trademark dispute triggered a chaotic rebrand of the viral AI application Clawdbot. The brief gap between the old and new branding was exploited by crypto scammers who launched a fake token, CLAWD, on Solana. Within hours the token surged to a $16 million market cap before collapsing, while security researchers revealed widespread exposure of Clawdbot instances.
Trademark Dispute & Forced Rebrand
Steinberger, the creator of Clawdbot, was compelled to rename both the GitHub organization and the X (Twitter) account. The simultaneous change left the old handles unprotected for a few minutes, providing an opening for attackers.
Crypto Scam & 24‑Hour Token Meltdown
Scammers hijacked the abandoned handles and immediately began promoting a fabricated token called CLAWD on the Solana blockchain. Speculative traders drove the token’s market capitalization to over $16 million in less than a day. Early buyers claimed large gains, but Steinberger denied any involvement. The token’s value collapsed shortly after, leaving later investors with significant losses.
Security Flaws Exposed
During the turmoil, security firm SlowMist identified hundreds of unauthenticated Clawdbot instances exposed to the public internet. These instances leaked API keys, private chat logs, and were vulnerable to prompt‑injection attacks that could lead to credential theft and remote code execution (RCE). Researchers demonstrated an email‑based injection that forced an AI instance to forward private messages to an attacker within minutes.
Key Takeaways
- Rapid rebranding without proper account protection creates a high‑risk window for hijacking.
- Scammers can quickly fabricate and pump tokens, especially when tied to trending projects.
- Publicly exposed AI gateways pose serious credential and data‑leak risks.
- Prompt‑injection and unauthenticated API access can enable remote code execution.
- Continuous security monitoring is essential for AI services and associated crypto projects.