What was the Lobstar Wilde OpenClaw incident?

An OpenClaw-based DeFi trading agent called Lobstar Wilde mistakenly transferred all 52.43M LOBSTAR tokens ($441K) due to a quantity parsing error. The tokens were liquidated for $40K.

Who built the Lobstar Wilde trading agent?

Nik Pash, an OpenAI employee, built it using the OpenClaw framework for autonomous DeFi trading.

Is OpenClaw safe for crypto trading?

No. China Internet Finance Association lists OpenClaw as high-risk for unauthorized fund transfers. Without human-in-the-loop verification, a simple parsing bug becomes a financial catastrophe.

What caused the Lobstar Wilde token transfer error?

A quantity parsing error. While processing a help message requesting 4 SOL, the agent sent all 52.43M LOBSTAR tokens (5% of total supply) to a random address.

← Back to dashboard

clawsmith.com/signal/openclaw-lobstar-wilde-52m-token-defi-loss

⚠ IssueWide OpenLive

OpenClaw AI Trading Agent Lobstar Wilde Mistakenly Transfers 52.43M Tokens ($250K) — DeFi Exploit Cascade

Q: How much was lost in the OpenClaw DeFi exploit?

The initial error transferred tokens worth $441K (liquidated for $40K). Malicious actors replicated the exploit causing additional hundreds of thousands in cascading losses.

OpenAI employee Nik Pash built Lobstar Wilde on OpenClaw. A quantity parsing error caused the agent to transfer all 52.43M LOBSTAR tokens (5% of total supply, $441K) instead of 4 SOL. Tokens liquidated for $40K. Malicious actors replicated the exploit causing additional losses. China Internet Finance Association now lists OpenClaw as high-risk for unauthorized fund transfers.

Product Idea from this Signal

A transaction firewall that blocks OpenClaw agents from sending funds or signing transactions without human approval

An OpenClaw trading agent named Lobstar Wilde accidentally transferred 52.43M tokens worth $250K in a single unreviewed transaction, triggering a DeFi exploit cascade. There is no built-in mechanism to intercept financial operations before they execute. This tool wraps all wallet-interacting MCP tools with a mandatory approval gate that catches outbound transfers, contract approvals, and token swaps above configurable thresholds, then pauses execution until a human confirms via mobile push or CLI prompt.

SECURITYDEFICLIOPEN-SOURCE

UnderservedView Opportunity →