A phishing campaign used fake GitHub posts and a bogus “CLAW” token to lure OpenClaw developers into connecting crypto wallets.
Developers of OpenClaw, a popular open-source AI project, are being targeted by phishing attacks on GitHub with fake token rewards designed to lure users into connecting crypto wallets.
Cybersecurity firm OX Security reported the scam on Wednesday and said it had found no victims so far. OpenClaw creator Peter Steinberger separately warned on X that any emails claiming association with the project are scams, urging users to only visit the official site. “We would never do that. The project is open source and non-commercial,” Steinberger said.
According to OX Security, attackers created fake GitHub accounts that posted messages in repositories they controlled, tagging developers to increase visibility. The posts claimed that recipients had won $5,000 worth of “CLAW,” a non-existent cryptocurrency falsely associated with the project, in an attempt to trick recipients into visiting a cloned website.
