Developers working on OpenClaw, an open-source project hosted on GitHub, have recently become targets of a new phishing campaign promising fraudulent token distributions. Attackers claim that developers stand to receive CLAW tokens worth around $5,000, luring them to a fake online platform. The risk escalates when users are asked to connect their cryptocurrency wallets—a critical step allowing malicious actors potential access to their digital assets.
Attackers Pose as Trusted Members with Fake GitHub Accounts
According to research shared by cybersecurity firm OX Security, the perpetrators created convincing fake GitHub accounts, tagging developers in project discussions to appear credible. By interacting directly with those contributing to OpenClaw-related repositories, the attackers boost the plausibility of their scheme. Their messages highlight supposed rewards and urge users to click a provided link, portraying the campaign as a legitimate recognition of their work.
Fake Platform Seeks Wallet Access to Steal Funds
The links in these messages direct victims to a website meticulously designed to mimic OpenClaw’s official online presence. The standout difference: an additional prompt requesting users to connect their crypto wallets. Security experts report that this connection enables the deployment of malicious code, granting attackers the ability to create approval transactions on the user’s behalf. As a result, cybercriminals can transfer assets straight out of the compromised wallets.
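A defender-side check for the approval transactions described above, as an added example that is not from OX Security or the OpenClaw project: it decodes a pending transaction's calldata and flags token approvals before they are signed. It assumes standard ERC-20/ERC-721 approval calls on an EVM chain, which the report does not specify; `reviewCalldata`, the allowlist parameter and the sample address are hypothetical.

```javascript
// Added example: review a pending transaction's calldata for token-approval calls.
// Selectors are the standard ERC-20 / ERC-721 ones; the addresses below are constructed.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "39509351": "increaseAllowance(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};
const MAX_UINT256 = (1n << 256n) - 1n;

function reviewCalldata(data, trustedSpenders = []) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { kind: "invalid", risk: "block", reasons: ["not valid calldata"] };
  }
  const fn = SELECTORS[hex.slice(0, 8)];
  if (!fn) return { kind: "other", risk: "none", reasons: [] };
  const args = hex.slice(8);
  // Two 32-byte ABI words are required; truncated calldata is rejected, not guessed at.
  if (args.length < 128) {
    return { kind: fn, risk: "block", reasons: ["truncated arguments"] };
  }
  const spender = "0x" + args.slice(24, 64); // address = low 20 bytes of word 0
  const value = BigInt("0x" + args.slice(64, 128));
  const trusted = trustedSpenders.map((a) => a.toLowerCase()).includes(spender);
  const reasons = [];
  if (!trusted) reasons.push("spender not on allowlist");
  if (fn.startsWith("setApprovalForAll")) {
    if (value !== 0n) reasons.push("operator rights over every token in the collection");
  } else if (value >= MAX_UINT256 / 2n) {
    reasons.push("effectively unlimited allowance");
  }
  // A zero value revokes an approval, so it is never flagged.
  const revoke = value === 0n;
  const risk = revoke ? "none" : reasons.length === 2 ? "high" : reasons.length ? "review" : "low";
  return { kind: fn, spender, value, risk, reasons: revoke ? [] : reasons };
}

// Constructed sample: approve(spender, 2^256-1) to an address that is not allowlisted.
const word = (h) => h.padStart(64, "0");
const sampleSpender = "0x" + "ab".repeat(20);
const sample = "0x095ea7b3" + word("ab".repeat(20)) + "f".repeat(64);
console.log(reviewCalldata(sample, []));
```

Off-chain signature approvals such as EIP-2612 permit messages never appear as transaction calldata and need a separate check on the signing request.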
Wide Wallet Support Increases the Attack’s Reach
The phishing page supports popular wallet providers such as MetaMask, WalletConnect, and Trust Wallet, broadening its threat to a far larger pool of users. This strategy ensures the campaign is not limited to a niche demographic but targets the wider crypto community. The attackers’ ability to leverage different wallet types magnifies the overall impact and potential damage of the operation.
Such operations are seen as part of a rising trend in social engineering attacks in the crypto sector. Offers like airdrops or reward distributions—while tempting—are often used to grab users’ attention. Direct outreach to developers is viewed as increasing the campaign’s perceived authenticity and effectiveness.
OpenClaw has recently made a name for itself as an open-source AI agent framework and developer tool, providing modular infrastructure for building AI-powered systems. However, the project’s growing prominence has also made it a magnet for scams—particularly as cybercriminals misuse its name for fraudulent token schemes, sparking debate about security within its community.
In the wake of mounting scams connected to the project, founder Peter Steinberger has voiced alarm about the increasing frequency of crypto-themed phishing attempts. He previously noted that after a breach in January—where old official accounts were hijacked—a counterfeit token launch further undermined the project’s security reputation.
While the fraudulent CLAW token briefly attained a high market valuation, its legitimacy quickly collapsed once it was revealed to have no connection to the genuine project. The incident served as another reminder for users to remain vigilant and thoroughly verify the credibility of any project before engaging with it or approving wallet transactions.



