DEV Community

Cover image for From Clawdbot to Moltbot: How a C&D, Crypto Scammers, and 10 Seconds of Chaos Took Down the Internet's Hottest AI Project
Sivaram
Sivaram

Posted on

From Clawdbot to Moltbot: How a C&D, Crypto Scammers, and 10 Seconds of Chaos Took Down the Internet's Hottest AI Project

#clawdbot #anthropic #ai #opensource

The 72-Hour Unraveling of Open Source's Fastest-Growing Star

Three days ago, Clawdbot was the darling of the AI community. 60,800 GitHub stars (and climbing). Mac Minis selling out. "Jarvis is here" tweets everywhere.

Today? The project has a new name, the founder is fighting crypto scammers, hundreds of API keys are exposed, and the community is asking: Did Anthropic just kill the golden goose that was literally building on their platform?

This is the story of how fast things fall apart when legal teams, hackers, and viral hype collide.

Part 1: The Meteoric Rise (60K+ Stars in Days)

For the uninitiated, Clawdbot (now Moltbot) was a self-hosted AI assistant created by Peter Steinberger (@steipete), the Austrian developer who founded PSPDFKit and exited to Insight Partners. It was essentially "Claude with hands" — an AI agent that didn't just chat, but did things.

→ Persistent memory across conversations

→ Full system access (shell, browser, files)

→ Proactive notifications

→ 50+ integrations

→ Multi-platform (WhatsApp, Telegram, Slack, iMessage, Signal, Discord)

The project launched late 2025. It hit 9,000 stars very quickly 24 hours. in recent days it has crossed 60,000+ stars — making it one of the fastest-growing open-source projects in GitHub history.

Andrej Karpathy praised it. David Sacks tweeted about it. MacStories called it "the future of personal AI assistants."

But the killer feature? It ran locally, gave users full control, and many users specifically configured it to use Anthropic's Claude as the brain.

The irony of what happened next is almost poetic.

Part 2: The Cease & Desist

On January 27, 2026, Steinberger announced that Anthropic had issued a trademark request forcing a rebrand.

The problem? The name "Clawd" was too similar to "Claude."

"Anthropic asked us to change our name (trademark stuff), and honestly? 'Molt' fits perfectly — it's what lobsters do to grow."

The new branding was actually clever:

  • ClawdbotMoltbot
  • ClawdMolty
  • Handle: @moltbot
  • Website: molt.bot

The "same lobster soul, new shell" narrative played well. Lobsters molt to grow. The project was shedding its old identity to become something bigger.

But the execution? Absolute chaos.

Part 3: The 10-Second Disaster

Here's where it gets wild.

During the rename process, Steinberger made a critical mistake. He tried to rename the GitHub organization and X/Twitter handle simultaneously. In the gap between releasing the old name and claiming the new one, crypto scammers snatched both accounts in approximately 10 seconds.

Steinberger's own words:

"Had to rename our accounts for trademark stuff and messed up the GitHub rename and the X rename got snatched by crypto shills."

"It wasn't hacked, I messed up the rename and my old name was snatched in 10 seconds."

"Because it's only that community that harasses me on all channels and they were already waiting."

The attackers had been monitoring for exactly this opportunity. The moment the old handles became available, they pounced. Now the original @clawdbot X account and GitHub org are pumping crypto scams to tens of thousands of followers who don't know about the rebrand.

Steinberger is now begging GitHub for help recovering the account. Meanwhile, fake announcements are going out from the hijacked accounts claiming token launches, airdrops, and investment opportunities.

Part 4: The $16 Million Crypto Scam

The account hijacking wasn't the end of it. It was the beginning.

Within hours of the rename chaos, fake $CLAWD tokens appeared on Solana. At peak, the token hit a $16 million market cap as speculators FOMO'd in, thinking they were getting early access to "the next big AI coin."

Then Steinberger dropped the hammer:

"To all crypto folks: Please stop pinging me, stop harassing me. I will never do a coin. Any project that lists me as coin owner is a SCAM. No, I will not accept fees. You are actively damaging the project."

The token immediately collapsed to near-zero. Late buyers got rugged. The scammers walked away with millions.

The whole saga has become a masterclass in how quickly crypto vultures can exploit mainstream tech moments.

Part 5: The Security Nightmare

While all this was happening, security researchers were finding actual vulnerabilities in Moltbot (still Clawdbot at the time).

SlowMist, a blockchain security firm, reported:

"Multiple unauthenticated instances are publicly accessible, and several code flaws may lead to credential theft and even remote code execution."

Researcher Jamieson O'Reilly found:

"Hundreds of people have set up their Clawdbot control servers exposed to the public."

Using Shodan, he could search for "Clawdbot Control" and find complete credentials — API keys, bot tokens, OAuth secrets, full conversation histories, the ability to send messages as users, and command execution capabilities.

In one demo, researcher Matvey Kukuy sent a malicious email with prompt injection to a vulnerable Moltbot instance. The AI read the email, believed it was legitimate instructions, and forwarded the user's last 5 emails to an attacker address. It took 5 minutes.

The Hacker News consensus: "It's terrifying. No directory sandboxing."

Part 6: The Community vs. Anthropic

Now the community is asking uncomfortable questions.

Why target Clawdbot when it was driving Claude usage?

Many Moltbot users specifically configured the assistant to use Claude as the underlying model. The project was literally selling more Claude subscriptions. It demonstrated real-world use cases for Anthropic's API. It was free marketing and a thriving ecosystem built on their platform.

Anthropic has been cracking down on "harnesses" — third-party tools that spoof the Claude Code client to access consumer subscriptions. They've blocked xAI staff from using Claude via Cursor. They sent DMCA notices to developers reverse-engineering Claude Code.

But Clawdbot wasn't a harness. It was a legitimate open-source project using the official API. The trademark dispute over "Clawd" vs "Claude" feels petty to many developers, especially given that:

  1. The project was 3 months old
  2. It was driving real revenue to Anthropic
  3. The rename caused actual security disasters
  4. The phonetic similarity was clearly playful, not malicious
  5. It had 60K+ stars and massive developer goodwill

DHH (David Heinemeier Hansson, Rails creator) has called Anthropic's recent moves "customer hostile."

The sentiment is shifting. Developers who were enthusiastic Claude advocates are now looking at OpenAI's Codex CLI (Apache 2.0 license) and wondering if Anthropic is becoming the kind of company they don't want to build on top of.

Part 7: What Happens Now

Peter Steinberger is fighting on multiple fronts:

→ Trying to recover hijacked GitHub/X accounts from crypto scammers

→ Dealing with harassment from token speculators

→ Managing a community of 8,900+ Discord members

→ Fixing security vulnerabilities

→ Rebuilding brand recognition after a forced rebrand

The project itself is still solid. Moltbot is the same software Clawdbot was — a genuinely impressive piece of engineering that represents the future of personal AI assistants.

But the optics are rough. A 3-month-old viral open-source project with 60K+ stars just got:

  1. Legal pressure from an $18B AI company
  2. Account-jacked by crypto scammers
  3. Exploited for millions in fake token scams
  4. Outed for serious security vulnerabilities

All in 72 hours.

The Broader Lesson

This saga highlights the fragility of the current AI ecosystem.

For open source builders: You're building on corporate platforms with ambiguous trademark policies. One legal notice can force a rebrand that exposes you to account hijacking, scams, and chaos.

For AI companies: Your most enthusiastic evangelists are indie developers building weird, experimental tools. Sending legal notices to viral open-source projects that drive your API usage is... a choice. Google didn't sue Android developers. OpenAI isn't suing LangChain. There's a playbook for fostering ecosystems, and "cease and desist" isn't it.

For users: Self-hosting AI agents with root access is powerful and dangerous. The security model for these tools is still immature. Don't put them on your main machine with access to crypto wallets. Use dedicated hardware, isolated accounts, and strict IP whitelisting.

Moltbot is still worth trying if you're technical and security-conscious. It's a glimpse of what's coming — AI agents that actually do things, remember everything, and live where you already communicate.

Just maybe don't run it on your personal laptop with your primary email account. And definitely don't buy any $CLAWD tokens.

Follow the project at molt.bot

GitHub: github.com/moltbot/clawdbot

X: @moltbot (verified new account)

Have you tried Moltbot? What do you think about Anthropic's trademark enforcement against a 60K+ star project? Drop your thoughts below.

#ai #opensource #anthropic #moltbot #clawdbot #crypto #security #trademark #developercommunity

👋 About the Author

If you made it this far, you probably care about shipping fast without breaking things.

I build AI x Crypto MVPs for startups who need to go from idea to working product in weeks, not months.

What I do:

🤖 AI agents & chatbot interfaces (yes, including the one you could be using right now)
⛓️ Crypto integrations (EVM, Solana, L2s, Privy, smart contracts)
🛠️ DevTools & NPM packages that actually solve problems
🚀 SEO-optimized web apps that rank
Currently: Building open-source tools and taking on select freelance projects.

Let's talk:
🐦 Twitter: @SivaramPg
📦 GitHub: github.com/SivaramPg
🌐 Portfolio: sivaramp.com
📧 Email: [dev.sivaramp@gmail.com]

P.S. If you're building something weird in AI or crypto and want to bounce ideas, my DMs are open. No pitch, just nerding out.

Top comments (4)

Collapse
 
fhillipgcastillo profile image
Fhillip G. Castillo

yesterday I was reading and reasearching about clawdbot/bolbot and in my impressions it gave 2 feellings, the first was like wow just an AI as I would like to have for personal use and have fun and second, I worried about exposing it to the internet/public/whatapp/telegram/etc and worried about how bad could that be in security aspects?

Today after your post while reading the "shodan" stuff in the security topic, I when out and search in shodan and there is around 780 findings that are exposing clawdbot to the internet which make them target of bad hackers and I found a good amount of details like location, ips, main open ports, where in the machine it's allocated and more, and it just take me less than a minute to find them out. I can't imagine how much info an experienced cyber security or hacker could get from the victims/users exposing their bots to the public.

btw thank you for your post, it's well structure and its really clear!

Collapse
 
sivarampg profile image
Sivaram

Glad you found it useful

Collapse
 
nicolas_hug_b3f89c8419421 profile image
Nicolas HUG

"The project launched January 26, 2026". No, Clawdbot was launched before the January 26, 2026.

Collapse
 
sivarampg profile image
Sivaram

Thanks for pointing it out.