Security firm OX Security has disclosed that a phishing campaign targeting OpenClaw developers is spreading on GitHub. Attackers use fake GitHub accounts to impersonate people associated with the project, @mention target developers in issues or comment threads, and lure victims with a “$5,000 CLAW token reward,” directing them to a spoofed site where they are prompted to take further action.
The core goal of this campaign is to deploy a wallet drainer: once a victim connects a wallet on an untrusted website or signs a transaction request, their assets may be quickly transferred out. Public information shows that OpenClaw has previously emphasized an anti-crypto policy and has experienced impersonation scams involving “fake tokens.” Attackers are leveraging the project’s visibility and developers’ trust in collaboration-platform messages to carry out social engineering.

