Devs Targeted in OpenClaw GitHub Phishing Campaign

Developers linked to the OpenClaw, an open-source AI project, are increasingly targeted in a sophisticated phishing attack on GitHub. Scammers used fake accounts and token incentives to lure users into connecting cryptocurrency wallets, raising concerns about security in open-source crypto projects.

Security researchers at OX Security identified an active phishing operation targeting developers associated with the OpenClaw AI project. 

The attackers created fake GitHub accounts and opened issue threads in malicious repositories, tagging developers with messages claiming they had been selected to receive $5,000 worth of CLAW tokens, tricking recipients into visiting a link and connecting their cryptocurrency wallets.

The phishing link led to a cloned version of the OpenClaw website designed to look authentic. That site included a “Connect your wallet” prompt.

If even one developer had connected a wallet, attackers could have accessed private keys, potentially draining personal funds. Beyond financial loss, compromised developer accounts could be used to inject malicious code into the OpenClaw project itself.

The attackers used seemingly credible social engineering tactics, like tagging developers in GitHub issues and mimicking official communication, to make the lure look legitimate. 

The cloned site supported widely used wallets such as WalletConnect, MetaMask, and Trust Wallet.

The malicious accounts were deleted within hours of creation, and no confirmed thefts have yet been reported.

Despite the aggressive tactics, there are no publicly confirmed reports of stolen funds from the campaign as of now. Researchers continue to monitor the situation.

OX Security advised users not to connect wallets to untrusted sites, to block access to the phishing domain, and to treat GitHub messages about token giveaways with suspicion. 

OpenClaw, like many open-source crypto projects, relies on community trust. A successful attack could undermine confidence in the project, slowing contributions and adoption. If developers start fearing attacks like this, it could slow innovation, reduce open-source contributions, or force projects to adopt stricter vetting processes.

Discover DailyCoin’s trending crypto scoops right now:
Fed Holds Rates Steady, Crypto Markets on “Sell-the-News” Mode
ETH Strengthens on ETF Inflows and Rising Open Interest