Devs Targeted in OpenClaw GitHub Phishing Campaign

Developers linked to the OpenClaw, an open-source AI project, are increasingly targeted in a sophisticated phishing attack on GitHub. Scammers used fake accounts and token incentives to lure users into connecting cryptocurrency wallets, raising concerns about security in open-source crypto projects.

Scam Lures and Execution

Security researchers at OX Security identified an active phishing operation targeting developers associated with the OpenClaw AI project

The attackers created fake GitHub accounts and opened issue threads in malicious repositories, tagging developers with messages claiming they had been selected to receive $5,000 worth of CLAW tokens, tricking recipients into visiting a link and connecting their cryptocurrency wallets.

How the Scam Worked

The phishing link led to a cloned version of the OpenClaw website designed to look authentic. That site included a “Connect your wallet” prompt.

If even one developer had connected a wallet, attackers could have accessed private keys, potentially draining personal funds. Beyond financial loss, compromised developer accounts could be used to inject malicious code into the OpenClaw project itself.

The attackers used seemingly credible social engineering tactics, like tagging developers in GitHub issues and mimicking official communication, to make the lure look legitimate

The cloned site supported widely used wallets such as WalletConnect, MetaMask, and Trust Wallet.

Response and Prevention Measures

The malicious accounts were deleted within hours of creation, and no confirmed thefts have yet been reported.

Despite the aggressive tactics, there are no publicly confirmed reports of stolen funds from the campaign as of now. Researchers continue to monitor the situation.

OX Security advised users not to connect wallets to untrusted sites, to block access to the phishing domain, and to treat GitHub messages about token giveaways with suspicion

Why This Matters

OpenClaw, like many open-source crypto projects, relies on community trust. A successful attack could undermine confidence in the project, slowing contributions and adoption. If developers start fearing attacks like this, it could slow innovation, reduce open-source contributions, or force projects to adopt stricter vetting processes.

Discover DailyCoin’s trending crypto scoops right now:
Fed Holds Rates Steady, Crypto Markets on “Sell-the-News” Mode
ETH Strengthens on ETF Inflows and Rising Open Interest

People Also Ask:

What is a GitHub phishing attack? A GitHub phishing attack is a scam where attackers create fake accounts or repositories to trick developers into revealing sensitive information, such as crypto wallet keys.

What is OpenClaw? OpenClaw is an open-source AI project that also integrates a native cryptocurrency token, $CLAW, used within its ecosystem.

Why are developers targeted instead of investors? Developers have access to project code, deployment permissions, and community trust. Compromising them can affect the project’s integrity, not just individual wallets.

.social-share-icons { display: inline-flex; flex-direction: row; gap: 8px; border-radius: 8px; border: 1px solid #dedede; padding: 8px 16px; margin-bottom: 8px; }

.social-share-icons a { display: flex; color: #555; text-decoration: none; justify-content: center; align-items: center; background-color: #dedede; border-radius: 100%; padding: 10px; }

.social-share-icons a:hover { background-color: #F7BE23; fill: white; }

.social-share-icons svg { width: 24px; height: 24px; }

DailyCoin’s Vibe Check: Which way are you leaning towards after reading this article?

Bullish Bearish Neutral

Market Sentiment

0% Neutral