OpenClaw Devs Hit by GitHub Phishing Scam

OpenClaw GitHub phishing scam targets developers with fake $5,000 CLAW token airdrops via bogus accounts, draining wallets. OX Security reports on March 19.

What to Know

  • Attackers created fake GitHub accounts and tagged OpenClaw developers in issue threads, claiming they had been selected for a ~$5,000 CLAW token airdrop
  • The phishing page clones the real OpenClaw site and supports MetaMask, WalletConnect, and Trust Wallet — once connected, malicious code can drain funds
  • Tel Aviv-based OX Security discovered and disclosed the campaign on March 19, calling it a social engineering attack disguised as a developer reward
  • OpenClaw founder Peter Steinberger nearly deleted the entire project last month after scammers previously hijacked accounts to pump a fake CLAWD token to a $16 million market cap

OpenClaw GitHub phishing attacks are now targeting the project's developers directly on GitHub — and the tactic is disturbingly simple. Fake accounts tag developers in repository issue threads, tell them they've been chosen to receive roughly $5,000 worth of CLAW tokens, then funnel them to a site that looks almost identical to the real OpenClaw page, except for one addition: a wallet connection prompt that hands attackers the keys to drain it.

How the Attack Works

The mechanics here are worth understanding, because this isn't some exotic exploit — it's social engineering at its most efficient. The attackers built bogus GitHub accounts, identified developers who had interacted with OpenClaw-related repositories, and tagged them directly in issue threads. That's the credibility hook: the developer sees their username mentioned in a project they actually know, attached to a message saying they've been selected for a token reward. It looks earned. It looks official.

From there, the phishing page does the rest. The clone site mirrors OpenClaw's visual design closely enough to pass a casual glance, but its real function is to collect wallet connections. Once a user connects — via MetaMask, WalletConnect, or Trust Wallet — malicious code embedded in the page can trigger unauthorized transactions or token approvals, opening the door for funds to be siphoned without a second prompt. No obvious red flags in the UI. Just a familiar-looking interface that quietly empties wallets.

Tel Aviv-based cybersecurity firm OX Security disclosed the campaign in a blog post Wednesday, framing it as part of a broader attack pattern the crypto space has seen accelerate over the past year: social engineering layered on top of wallet connection exploits, dressed up as airdrops or developer incentives. The three supported wallets — MetaMask, WalletConnect, and Trust Wallet — represent a combined user base of hundreds of millions, which tells you how wide the net is being cast.
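The issue-thread lure described in this section leaves signals a maintainer can triage automatically. The following is an added example, not code from OX Security or OpenClaw: it scores issue comments on mass mentions, airdrop wording, links to unfamiliar hosts, and the commenter's lack of history in the repository. The trusted-host list, the threshold, and the sample comments are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts this project legitimately links to; replace with your own.
TRUSTED_HOSTS = {"github.com", "docs.project.example"}
LURE = re.compile(r"\b(airdrop|claim|reward|allocation|selected|eligible|wallet|tokens?)\b", re.I)
MENTION = re.compile(r"(?<![\w/])@([A-Za-z0-9][A-Za-z0-9-]{0,38})")
URL = re.compile(r"https?://[^\s)>\]]+", re.I)
# author_association values for accounts with no prior commits in this repository.
NO_HISTORY = {"NONE", "FIRST_TIMER", "FIRST_TIME_CONTRIBUTOR"}

def is_trusted(host):
    """Exact host or a true subdomain of a trusted host, never a lookalike prefix."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def score_comment(comment):
    """Return the list of lure signals found in one issue-comment dict."""
    body = comment.get("body") or ""
    signals = []
    mentions = {m.lower() for m in MENTION.findall(body)}
    if len(mentions) >= 3:
        signals.append(f"mass-mention:{len(mentions)}")
    terms = sorted({t.lower() for t in LURE.findall(body)})
    if len(terms) >= 2:
        signals.append("lure-terms:" + ",".join(terms))
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(body)}
    bad = sorted(h for h in hosts if h and not is_trusted(h))
    if bad:
        signals.append("untrusted-link:" + ",".join(bad))
    if comment.get("author_association") in NO_HISTORY:
        signals.append("no-project-history")
    return signals

def flag_comments(comments, threshold=3):
    """Logins whose comments show at least `threshold` independent signals."""
    return [c["user"]["login"] for c in comments if len(score_comment(c)) >= threshold]

# Constructed sample input, shaped like GitHub REST issue-comment objects.
SAMPLES = [
    {"user": {"login": "claw-rewards-team"}, "author_association": "NONE",
     "body": "@dev-one @dev-two @dev-three You have been selected for the CLAW "
             "airdrop. Claim your tokens at https://claw-airdrop.example/start"},
    {"user": {"login": "longtime-contrib"}, "author_association": "CONTRIBUTOR",
     "body": "Thanks @dev-one, https://github.com/org/repo/pull/1 fixes it"},
]

if __name__ == "__main__":
    for c in SAMPLES:
        print(c["user"]["login"], score_comment(c))
```

Flagged comments are candidates for hiding and reporting the account; the score is a triage aid, not a verdict.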

Why OpenClaw Keeps Getting Hit

This isn't the first time OpenClaw has been caught in the crossfire. Back in January, scammers hijacked the project's old accounts and used them to promote a fabricated token called CLAWD. The thing pumped — briefly touching a $16 million market cap — before collapsing when founder Peter Steinberger publicly denied any connection to it. The market did not wait for a second opinion.

Steinberger's response to that episode was to ban all mention of crypto, including bitcoin, from the project's official Discord. Then last month, he went further — he said he was considering deleting the entire OpenClaw codebase. That's the kind of statement that tends to get ignored in security roundups but deserves more attention: a legitimate open-source maintainer is being pushed toward abandoning his own project because scammers keep attaching themselves to its name.

The anger in his words was hard to miss.

I didn't know that they're not just good at harassment, they are also really good at using scripts and tools.

— Peter Steinberger, Founder of OpenClaw

What Does This Mean for Crypto Developers?

Here's what gets buried in the standard 'phishing attack discovered' coverage: legitimate open-source projects are now active attack infrastructure. Scammers aren't just building their own fake tokens from scratch — they're latching onto real developer communities, borrowing credibility from projects that have earned it, and then weaponizing that trust against the very people who built those communities. That's a harder problem to solve than just blocking a phishing URL.

OpenClaw is an open-source AI agent framework — a developer tool, not a DeFi protocol or a token launchpad. It has nothing to do with crypto by design. And yet here it is, twice in three months, being used as the face of a fake token airdrop scam. The lesson isn't specific to OpenClaw. Any open-source project with visible GitHub activity and a recognized name is a potential attack surface for exactly this kind of campaign.

The campaign is also a reminder of how the wallet connection model — the same model powering every legitimate DeFi interaction — creates a structural vulnerability that's difficult to patch at the user level. Connecting a wallet is a normal developer action. Approving a transaction from an unfamiliar contract is where things go wrong, and the line between the two gets blurry when the surrounding context looks credible. Phishing pages that mimic real developer tools exploit precisely that ambiguity.
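The point where connecting turns into approving can be checked mechanically before anything is signed. The following is an added example, not code from the article's sources: it decodes the calldata of a pending transaction and reports whether it is an ERC-20 `approve` or a `setApprovalForAll` that grants broad rights to a spender the user has not vetted. The spender address and the `known_spenders` allowlist are constructed assumptions.

```python
MAX_UINT256 = 2**256 - 1
# 4-byte function selectors from the ERC-20 and ERC-721/ERC-1155 standards.
APPROVE = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)

# Constructed sample spender; not an address from the reported campaign.
SAMPLE_SPENDER = "0x" + "ab" * 20


def encode_call(selector, spender, value):
    """Build sample calldata: selector + two 32-byte ABI words (test helper)."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(value, "064x")


def inspect_calldata(data_hex, known_spenders=frozenset()):
    """Describe an approval-type call, or return None for any other call."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL) or len(args) < 128:
        return None
    spender = "0x" + args[24:64]   # address is the low 20 bytes of word one
    value = int(args[64:128], 16)  # word two: amount, or bool for approval-for-all
    if selector == APPROVE:
        kind, broad = "erc20-approve", value == MAX_UINT256
    else:
        kind, broad = "approval-for-all", value != 0
    known = spender in {s.lower() for s in known_spenders}
    return {"kind": kind, "spender": spender, "value": value,
            "broad": broad, "known_spender": known,
            # Refuse to sign broad grants to a spender nobody has vetted.
            "block": broad and not known}


if __name__ == "__main__":
    tx = encode_call(APPROVE, SAMPLE_SPENDER, MAX_UINT256)
    print(inspect_calldata(tx))
```

A bounded `approve` for an exact amount still reaches the spender, so `block: False` means "not a blanket grant", not "safe".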

If you work with open-source crypto-adjacent tooling, the calculus is bleak but clear: any GitHub notification offering tokens should be treated as hostile until proven otherwise. That's not paranoia — that's the current threat environment. And if you're an open-source maintainer whose project has any name recognition in crypto circles, the odds that someone is already planning to use that name are higher than you'd like to think.

Steinberger nearly deleted his codebase. He hasn't yet. But if this keeps happening, the crypto community's habit of parasitizing legitimate projects will eventually cost it the tools those projects provide.

Frequently Asked Questions

What is the OpenClaw GitHub phishing scam?

The OpenClaw GitHub phishing scam involves attackers creating fake GitHub accounts and tagging real OpenClaw developers in issue threads with promises of roughly $5,000 in CLAW token airdrops. Victims are directed to a cloned website that collects wallet connections, allowing attackers to drain funds via malicious transaction approvals.

Which crypto wallets are targeted by the OpenClaw phishing attack?

The phishing page supports MetaMask, WalletConnect, and Trust Wallet — three of the most widely used crypto wallets. Supporting multiple wallets widens the potential victim pool and increases the likelihood that a targeted developer will have one of them installed and available to connect.

Who discovered the OpenClaw phishing campaign?

OX Security, a Tel Aviv-based cybersecurity company, identified and disclosed the phishing campaign in a blog post on March 19, 2026. The firm described it as a social engineering attack using fake token airdrops to lure developers into connecting their wallets to a malicious cloned site.

What happened with the fake CLAWD token linked to OpenClaw?

In January 2026, scammers hijacked OpenClaw's old accounts and promoted a fabricated CLAWD token that briefly reached a $16 million market cap before crashing after founder Peter Steinberger publicly denied any involvement. The incident pushed Steinberger to ban crypto mentions from the project's Discord entirely.