Crypto scammers have turned OpenClaw's GitHub community into a hunting ground.

Tel Aviv-based cybersecurity firm OX Security uncovered an active phishing campaign targeting developers who contribute to or interact with OpenClaw repositories. Attackers create fake GitHub accounts and tag developers in issue threads, claiming they've been selected to receive roughly $5,000 worth of CLAW tokens — a token OpenClaw itself has never issued.

The links lead to a near-identical clone of the OpenClaw website, but with one addition: a prompt to connect a crypto wallet. Once connected, malicious code triggers approvals that drain funds. The phishing page supports MetaMask, WalletConnect, and Trust Wallet.

A pattern, not an anomaly

This isn't OpenClaw's first encounter with crypto scammers. In January, hackers hijacked old OpenClaw accounts to promote a fake CLAWD token that briefly hit a $16 million market cap before collapsing. The incident pushed founder Peter Steinberger to ban all crypto and bitcoin discussion from the project's Discord — and at one point he threatened to delete the entire codebase out of frustration.

The new campaign compounds that pattern. By targeting GitHub users already associated with OpenClaw repositories, attackers lend credibility to outreach that would otherwise look like obvious spam.

What to watch for

The attack vector — social engineering paired with fake airdrop links on developer platforms — is becoming increasingly common in crypto. Any unsolicited GitHub notification claiming token rewards should be treated as a red flag, regardless of how legitimate the sender appears.

OpenClaw has not issued any token and has no plans to do so.