OpenClaw developers on GitHub, a collaboration and version control platform, are being targeted in a phishing campaign that uses fake token giveaways to lure victims into connecting crypto wallets that can then be drained.
The attackers created fake GitHub accounts and tagged developers in issue threads, claiming they had been selected to receive CLAW tokens worth approximately $5,000, Tel Aviv-based cybersecurity firm OX Security said in a blog post Wednesday.
The attackers’ post links to a nearly identical clone of the OpenClaw website, but with one key addition: a prompt to connect a crypto wallet. Once a wallet is connected, malicious code can trigger transactions or authorizations that allow attackers to siphon funds. The phishing site supports major wallets including MetaMask, WalletConnect and Trust Wallet, expanding the potential impact, OX said.
The campaign highlights an increasingly common attack vector in crypto: social engineering paired with wallet connection requests, often disguised as airdrops or developer rewards. By targeting GitHub users who interacted with OpenClaw-related repositories, the attackers made the outreach appear more credible.
OpenClaw is an open-source AI agent framework and developer tool that has recently attracted attention and controversy over crypto-related scams exploiting its name.
Peter Steinberger, the founder of OpenClaw, said last month that he was about to delete the entire codebase because of crypto. “I didn’t know they’re not only good at harassment, they’re also really good at using scripts and tools.”
His statement followed a blanket ban he imposed on any mention of crypto, including bitcoin, in the project’s Discord after scammers in January hijacked OpenClaw’s old accounts. The hackers promoted a fake CLAWD token that briefly hit a $16 million market cap before collapsing after Steinberger publicly denied any involvement.



