AI agents bypass Cloudflare protection; crypto DeFi front-end security faces further tests

March 6 News: Despite the long-standing claim of decentralization in the cryptocurrency industry, DeFi frontends still heavily rely on Cloudflare to protect website security. However, this week, an autonomous AI agent called OpenClaw, utilizing the open-source library Scrapling, demonstrated the ability to bypass multiple layers of Cloudflare defenses, raising security concerns.

OpenClaw can run on a Mac Mini or cloud server, simulating human behavior and using proxy IP addresses to bypass Cloudflare’s Turnstile and Interstitials. Scrapling, a Python library, supports concurrent multi-session scraping, with parsing speeds over 600 times faster than traditional crawlers like BeautifulSoup. Developers emphasize that this tool can legally scrape website content but may also be used to test security vulnerabilities.

The crypto industry has long depended on Cloudflare for defense, but there have been painful lessons in the past. In 2021, BadgerDAO lost $130 million due to a Cloudflare Workers API key leak; Curve Finance experienced DNS hijacking in 2022 and 2025, resulting in losses of millions of dollars and forced domain migrations. In July 2024, DNS attacks on the Squarespace platform affected 228 DeFi protocols, and in 2025, Aerodrome Finance suffered DNS hijacking losses exceeding $1 million.

Analysts point out that the centralized infrastructure behind DeFi frontends, including DNS records, CDN scripts, and Cloudflare configurations, carries structural risks. Although Scrapling has not yet triggered actual hacking incidents, it demonstrates the potential threat of AI technology to traditional security systems.

Crypto developers are reminded that relying solely on client-side validation or Cloudflare challenge components is insufficient for security. A multi-layer defense strategy should be implemented when designing frontends and smart contract interactions. Experts state that the emergence of Scrapling marks the entry of AI agents into the crypto security field, and DeFi frontends must proactively address new risks of automated scraping and bypassing.
