Scammers target OpenClaw developers via GitHub

Key points:

• OpenClaw developers are targeted via GitHub through a phishing campaign
• Attackers promise $5000 in fake CLAW tokens
• The goal is to gain access to crypto wallets via a fake website

Developers of the open-source project OpenClaw have faced a phishing campaign in which attackers impersonate project representatives. The attack spreads through GitHub: fake accounts tag developers in discussions and offer a “reward” for contributing to the project.

The messages claim that the user has supposedly received $5000 in CLAW tokens. To claim the “reward,” users are directed to a website that visually imitates the official OpenClaw resource.

On this site, users are asked to connect their crypto wallet — after which attackers can withdraw funds or approve malicious transactions.

How the scheme works

According to OX Security, the phishing page uses obfuscated JavaScript code and communicates with a remote command-and-control server. This allows attackers to hide activity and intercept wallet data once it is connected.

The malicious code tracks user actions — such as approving or rejecting transactions — and sends this data to the attackers. It also includes a function that clears traces from the browser to make the attack harder to analyze.

Targets are not chosen at random: according to researchers, attackers focus on users who have interacted with OpenClaw repositories — for example, those who have starred them.

The fake accounts existed only briefly — they were deleted within hours after the campaign began. At this time, no confirmed victims have been reported.

OpenClaw creator Peter Steinberger previously warned that the project does not issue its own cryptocurrency. He emphasized that any tokens associated with OpenClaw are fraudulent.

The OpenClaw project was launched in November 2025 and quickly gained popularity as a free open-source AI agent. According to experts, this growing attention is what made it a target for crypto scammers.