OpenClaw developers on GitHub, a collaboration and version control platform, are being targeted in a phishing campaign using fake tokens to trick victims into connecting crypto wallets which can then be emptied.
The attackers created fake GitHub accounts and identified developers in threads, claiming they had been selected to receive around $5,000 worth of CLAW tokens, Tel Aviv-based cybersecurity firm OX Security said in a blog post on Wednesday.
The attackers’ messages link to a nearly identical clone of the OpenClaw website, but with one key addition: a prompt to connect a crypto wallet. Once a wallet is connected, malicious code can trigger transactions or approvals allowing attackers to siphon funds. The phishing page supports major wallets including MetaMask, WalletConnect and Trust Wallet, expanding the potential impact, OX said.
The campaign highlights an increasingly common attack vector in crypto: social engineering associated with wallet login requests, often disguised as airdrops or developer rewards. By targeting GitHub users who interacted with OpenClaw-related repositories, the attackers made the awareness more credible.
OpenClaw is an open source AI agent framework and development tool that has recently attracted attention and controversy over crypto-related scams exploiting its name.
Peter Steinberger, the founder of OpenClaw, said last month that he was close to deleting the entire codebase because of crypto. “I didn’t know that they are not only good at harassment, but they are also very good at using scripts and tools.”
His statement follows a blanket ban he imposed on any mention of crypto, including Bitcoin. on the project’s Discord after scammers hijacked old OpenClaw accounts in January. The hackers promoted a fake CLAWD token that briefly reached a market cap of $16 million before crashing after Steinberger. When Steinberger publicly denied any involvement.
