OpenClaw developers on GitHub, a collaboration and version control platform, are being targeted by a phishing campaign that uses fake token giveaways to lure victims into connecting crypto wallets that can then be emptied.
The attackers created fake GitHub accounts and tagged developers in issue threads, claiming they had been selected to receive approximately $5,000 in CLAW tokens, Tel Aviv-based cybersecurity firm OX Security said in a blog post Wednesday.
The attackers’ posts link to a nearly identical clone of the OpenClaw website, but with a key addition: a message to connect a crypto wallet. Once a wallet is connected, malicious code can trigger transactions or approvals that allow attackers to siphon funds. The phishing page supports major wallets including MetaMask, WalletConnect and Trust Wallet, broadening the potential impact, OX said.
The campaign highlights an increasingly common attack vector in cryptocurrencies: social engineering combined with wallet connection requests, often disguised as airdrops or developer rewards. By targeting GitHub users interacting with OpenClaw-related repositories, the attackers made the reach look more credible.
OpenClaw is an open source AI agent framework and development tool that has recently attracted attention and controversy over cryptocurrency-related scams exploiting its name.
Peter Steinberger, the founder of OpenClaw, said last month that he was on the verge of removing the entire code base because of cryptocurrencies. “I didn’t know that not only are they good at stalking, but they are also very good at using scripts and tools.”
His statement followed a blanket ban he placed on any mention of cryptocurrencies, including bitcoin. on the project’s Discord after scammers hijacked old OpenClaw accounts in January. Hackers promoted a fake CLAWD token that briefly reached a market cap of $16 million before crashing after Steinberger publicly denied any involvement.
