From Clawdbot to Moltbot: How a C&D, Crypto Scammers, and 10 Seconds of Chaos Took Down the Internet’s Hottest AI Project

The 72-Hour Unraveling of Open Source’s Fastest-Growing Star

Three days ago, Clawdbot was the darling of the AI community. 60,800 GitHub stars (and climbing). Mac Minis selling out. “Jarvis is here” tweets everywhere.

Today? The project has a new name, the founder is fighting crypto scammers, hundreds of API keys are exposed, and the community is asking: Did Anthropic just kill the golden goose that was literally building on their platform?

This is the story of how fast things fall apart when legal teams, hackers, and viral hype collide.

Part 1: The Meteoric Rise (60K+ Stars in Days)

For the uninitiated, Clawdbot (now Moltbot) was a self-hosted AI assistant created by Peter Steinberger (@steipete), the Austrian developer who founded PSPDFKit and exited to Insight Partners. It was essentially “Claude with hands” — an AI agent that didn’t just chat, but did things.

→ Persistent memory across conversations

→ Full system access (shell, browser, files)

→ Proactive notifications

→ 50+ integrations

→ Multi-platform (WhatsApp, Telegram, Slack, iMessage, Signal, Discord)

The project launched January 26, 2026. It hit 9,000 stars in its first 24 hours. By day three, it crossed 60,000+ stars — making it one of the fastest-growing open-source projects in GitHub history.

Andrej Karpathy praised it. David Sacks tweeted about it. MacStories called it “the future of personal AI assistants.”

But the killer feature? It ran locally, gave users full control, and many users specifically configured it to use Anthropic’s Claude as the brain.

The irony of what happened next is almost poetic.

Part 2: The Cease & Desist

On January 27, 2026, Steinberger announced that Anthropic had issued a trademark request forcing a rebrand.

The problem? The name “Clawd” was too similar to “Claude.”

“Anthropic asked us to change our name (trademark stuff), and honestly? ‘Molt’ fits perfectly — it’s what lobsters do to grow.”

The new branding was actually clever:

• Clawdbot → Moltbot
• Clawd → Molty
• Handle: @moltbot
• Website: molt.bot

The “same lobster soul, new shell” narrative played well. Lobsters molt to grow. The project was shedding its old identity to become something bigger.

But the execution? Absolute chaos.

Part 3: The 10-Second Disaster

Here’s where it gets wild.

During the rename process, Steinberger made a critical mistake. He tried to rename the GitHub organization and X/Twitter handle simultaneously. In the gap between releasing the old name and claiming the new one, crypto scammers snatched both accounts in approximately 10 seconds.

Steinberger’s own words:

“Had to rename our accounts for trademark stuff and messed up the GitHub rename and the X rename got snatched by crypto shills.”

“It wasn’t hacked, I messed up the rename and my old name was snatched in 10 seconds.”

“Because it’s only that community that harasses me on all channels and they were already waiting.”

The attackers had been monitoring for exactly this opportunity. The moment the old handles became available, they pounced. Now the original @clawdbot X account and GitHub org are pumping crypto scams to tens of thousands of followers who don’t know about the rebrand.

Steinberger is now begging GitHub for help recovering the account. Meanwhile, fake announcements are going out from the hijacked accounts claiming token launches, airdrops, and investment opportunities.

Part 4: The $16 Million Crypto Scam

The account hijacking wasn’t the end of it. It was the beginning.

Within hours of the rename chaos, fake $CLAWD tokens appeared on Solana. At peak, the token hit a $16 million market cap as speculators FOMO’d in, thinking they were getting early access to “the next big AI coin.”

Then Steinberger dropped the hammer:

“To all crypto folks: Please stop pinging me, stop harassing me. I will never do a coin. Any project that lists me as coin owner is a SCAM. No, I will not accept fees. You are actively damaging the project.”

The token immediately collapsed to near-zero. Late buyers got rugged. The scammers walked away with millions.

The whole saga has become a masterclass in how quickly crypto vultures can exploit mainstream tech moments.

Part 5: The Security Nightmare

While all this was happening, security researchers were finding actual vulnerabilities in Moltbot (still Clawdbot at the time).

SlowMist, a blockchain security firm, reported:

“Multiple unauthenticated instances are publicly accessible, and several code flaws may lead to credential theft and even remote code execution.”

Researcher Jamieson O’Reilly found:

“Hundreds of people have set up their Clawdbot control servers exposed to the public.”

Using Shodan, he could search for “Clawdbot Control” and find complete credentials — API keys, bot tokens, OAuth secrets, full conversation histories, the ability to send messages as users, and command execution capabilities.

In one demo, researcher Matvey Kukuy sent a malicious email with prompt injection to a vulnerable Moltbot instance. The AI read the email, believed it was legitimate instructions, and forwarded the user’s last 5 emails to an attacker address. It took 5 minutes.

The Hacker News consensus: “It’s terrifying. No directory sandboxing.”

Part 6: The Community vs. Anthropic

Now the community is asking uncomfortable questions.

Why target Clawdbot when it was driving Claude usage?

Many Moltbot users specifically configured the assistant to use Claude as the underlying model. The project was literally selling more Claude subscriptions. It demonstrated real-world use cases for Anthropic’s API. It was free marketing and a thriving ecosystem built on their platform.

Anthropic has been cracking down on “harnesses” — third-party tools that spoof the Claude Code client to access consumer subscriptions. They’ve blocked xAI staff from using Claude via Cursor. They sent DMCA notices to developers reverse-engineering Claude Code.

But Clawdbot wasn’t a harness. It was a legitimate open-source project using the official API. The trademark dispute over “Clawd” vs “Claude” feels petty to many developers, especially given that:

1. The project was 3 months old
2. It was driving real revenue to Anthropic
3. The rename caused actual security disasters
4. The phonetic similarity was clearly playful, not malicious
5. It had 60K+ stars and massive developer goodwill

DHH (David Heinemeier Hansson, Rails creator) has called Anthropic’s recent moves “customer hostile.”

The sentiment is shifting. Developers who were enthusiastic Claude advocates are now looking at OpenAI’s Codex CLI (Apache 2.0 license) and wondering if Anthropic is becoming the kind of company they don’t want to build on top of.

Part 7: What Happens Now

Peter Steinberger is fighting on multiple fronts:

→ Trying to recover hijacked GitHub/X accounts from crypto scammers

→ Dealing with harassment from token speculators

→ Managing a community of 8,900+ Discord members

→ Fixing security vulnerabilities

→ Rebuilding brand recognition after a forced rebrand

The project itself is still solid. Moltbot is the same software Clawdbot was — a genuinely impressive piece of engineering that represents the future of personal AI assistants.

But the optics are rough. A 3-month-old viral open-source project with 60K+ stars just got:

1. Legal pressure from an $18B AI company
2. Account-jacked by crypto scammers
3. Exploited for millions in fake token scams
4. Outed for serious security vulnerabilities

All in 72 hours.

The Broader Lesson

This saga highlights the fragility of the current AI ecosystem.

For open source builders: You’re building on corporate platforms with ambiguous trademark policies. One legal notice can force a rebrand that exposes you to account hijacking, scams, and chaos.

For AI companies: Your most enthusiastic evangelists are indie developers building weird, experimental tools. Sending legal notices to viral open-source projects that drive your API usage is… a choice. Google didn’t sue Android developers. OpenAI isn’t suing LangChain. There’s a playbook for fostering ecosystems, and “cease and desist” isn’t it.

For users: Self-hosting AI agents with root access is powerful and dangerous. The security model for these tools is still immature. Don’t put them on your main machine with access to crypto wallets. Use dedicated hardware, isolated accounts, and strict IP whitelisting.

Moltbot is still worth trying if you’re technical and security-conscious. It’s a glimpse of what’s coming — AI agents that actually do things, remember everything, and live where you already communicate.

Just maybe don’t run it on your personal laptop with your primary email account. And definitely don’t buy any $CLAWD tokens.

→ Follow the project at molt.bot

→ GitHub: github.com/moltbot/clawdbot

→ X: @moltbot (verified new account)

Have you tried Moltbot? What do you think about Anthropic’s trademark enforcement against a 60K+ star project? Drop your thoughts below.

#ai #opensource #anthropic #moltbot #clawdbot #crypto #security #trademark #developercommunity