OpenClaw developers operating on GitHub have become the target of a new phishing campaign with the promise of fake token distribution. Attackers direct users to a fake platform, claiming that developers will be given CLAW tokens worth approximately $5,000. Requesting a crypto wallet connection in this process constitutes the main risk element of the attack.
Establishing Trust with Fake GitHub Accounts
According to findings shared by cybersecurity company OX Security, attackers created fake GitHub accounts and tagged developers in project discussions. People who aimed to gain users’ trust with this method made the campaign more convincing by directly reaching out to developers who interact with OpenClaw-related repositories. In the messages, users were asked to click on the link, stating that they had won a prize.
Wallet Access Provided through Fake Site
The shared links lead to a copy that looks very similar to OpenClaw’s official website. However, what is striking about this fake page is that there is an additional field that asks the user to connect their crypto wallet. It is stated that once the wallet connection is established, malicious codes can be activated and create transaction confirmations on behalf of the user. In this way, attackers gain access to directly withdraw users’ assets.
Broad Wallet Support Increases Risk
The fact that the phishing page in question supports widely used wallets such as MetaMask, WalletConnect and Trust Wallet increases the number of potential victims. This shows that the attack is not limited to a specific user group and targets the broader crypto ecosystem. The ability of users to make transactions through different wallet types stands out as an important factor that magnifies the impact of the attack.
Such attacks are considered part of social engineering techniques that are becoming increasingly common in the crypto industry. Particularly attractive offers such as airdrops or reward distributions are frequently preferred to attract the attention of users. Direct access to developers is seen as a factor that increases the reliability of the attack.
OpenClaw has recently attracted attention as an open-source artificial intelligence agent framework and developer tool. The project offers a modular infrastructure that allows software developers to create artificial intelligence-based systems. However, the use of his name in crypto scams has led to discussions around the project.
The founder of the project, Peter Steinberger, previously stated that he was seriously concerned about the increase in crypto-related fraud attempts. The introduction of a fake token after old accounts were compromised in January brought the security of the project into question.
Although the fake token introduced by the attackers reached a high market value for a short time, it quickly lost value after it was announced that it was not connected to the project. This development once again brought to the agenda that users should be more careful about unverified projects.
