Gate News, March 17 — The 360 Security Team responded to the security breach involving the OpenClaw wildcard certificate and private key leak. The official statement said that the leak was caused by a operational mistake, where the team accidentally packaged an internal domain certificate into the installation package. The affected certificate was *.myclaw.360.cn, which resolves to 127.0.0.1 (localhost), used only on the user’s local machine and not providing any external services. After receiving reports from multiple security researchers, 360 has applied for the revocation of the certificate. The certificate is now invalid and can no longer be used for any legitimate HTTPS encrypted communication. The official statement assured that regular users are unaffected. Although there was a theoretical risk of man-in-the-middle attacks during the leak, the actual risk is limited since the certificate’s service only runs in a local environment.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
