OpenClaw developers on GitHub, a collaboration and version control platform, are being targeted by a phishing campaign that uses fake token giveaways to lure victims into connecting their crypto wallets, which are then drained.
Tel Aviv-based cybersecurity firm OX Security said in a blog post on Wednesday that attackers created fake GitHub accounts and tagged developers in the issue thread, claiming they had been selected to receive approximately $5,000 worth of CLAW tokens.
The attacker’s post links to a nearly identical clone of the OpenClaw website with one key addition: a prompt to connect a crypto wallet. Once the wallet is connected, malicious code can trigger a transaction or approval, allowing an attacker to steal funds. OX said the phishing page supports major wallets such as MetaMask, WalletConnect and Trust Wallet, expanding the potential impact.
The campaign highlights an increasingly common attack vector in the cryptocurrency space: social engineering combined with wallet connection requests, often disguised as airdrops or developer rewards. By targeting GitHub users interacting with OpenClaw-related repositories, the attackers made the outreach appear more credible.
OpenClaw is an open source artificial intelligence agent framework and development tool that has recently attracted attention and controversy due to crypto-related scams that leveraged its name.
OpenClaw founder Peter Steinberger said last month that he planned to delete the entire code base for cryptocurrency-related reasons. “I had no idea that not only were they good at harassment, but they were also very good at using scripts and tools.”
His statement follows a blanket ban on any mention of cryptocurrencies, including Bitcoin, which emerged in the project’s Discord after scammers hijacked OpenClaw’s old account in January. The hackers promoted a fake CLAWD token, which at one point had a market cap of $16 million, but the token collapsed after Steinberger publicly denied involvement.
