Cybersecurity firm OX Security has uncovered an active phishing campaign on GitHub that impersonates the popular open-source AI project OpenClaw to target developers and drain their cryptocurrency wallets. The attackers are creating fake GitHub accounts, opening issue threads in repositories they control, and tagging dozens of developers with messages claiming they have been selected for an OpenClaw allocation.
The fraudulent messages offer recipients $5,000 worth of a non-existent token called $CLAW, falsely associated with the OpenClaw project. Victims are then directed to a cloned website that closely mimics the official openclaw.ai site. The fake site presents a malicious "Connect your wallet" prompt; interacting with it triggers wallet-draining malware.
OX Security researchers detailed the campaign's sophisticated tactics. Attackers appear to be using GitHub's star feature to identify users who have shown interest in OpenClaw-related repositories, making the approach seem more targeted and credible. The malware employs obfuscated JavaScript, including a file named "eleven.js," to embed the wallet-stealing code. Once activated, a built-in "nuke" function wipes traces from the browser's local storage to avoid detection, while the malware tracks user actions and sends encoded data—including wallet addresses and transaction values—to a command-and-control server.
Researchers have identified at least one wallet address believed to be linked to the attackers for receiving stolen funds, though no confirmed victims have been reported so far. OX Security has urged users to block the domains token-claw[.]xyz and watery-compost[.]today and to avoid connecting crypto wallets to newly surfaced or unverified sites.
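One way to act on the blocklist advice is to scan notification or issue text for links to the two domains. The following is an added example, not code from OX Security or OpenClaw; the sample message, its URL paths and the `app.` subdomain are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Domains from the advisory, kept defanged exactly as published.
DEFANGED_IOCS = ["token-claw[.]xyz", "watery-compost[.]today"]

def refang(text: str) -> str:
    """Undo common defanging (hxxp, [.], (.)) so indicators can be matched."""
    text = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".").replace("(.)", ".")

BLOCKED = {refang(d).lower() for d in DEFANGED_IOCS}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def is_blocked(host: str) -> bool:
    """True for a blocked domain or any subdomain of it, never for look-alikes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED)

def blocked_urls(text: str) -> list[tuple[str, str]]:
    """Return (url, host) for every URL in text whose host is on the blocklist."""
    hits = []
    for url in URL_RE.findall(refang(text)):
        try:
            # urlsplit().hostname drops port and userinfo, leaving the real host.
            host = urlsplit(url).hostname or ""
        except ValueError:
            continue  # malformed URL, nothing to match
        if is_blocked(host):
            hits.append((url, host.rstrip(".")))
    return hits

# Constructed sample of an issue notification; paths and subdomain are invented.
SAMPLE = """\
@dev1 @dev2 you have been selected for an OpenClaw allocation of $CLAW.
Claim here: https://token-claw.xyz/claim
Mirror: https://app.watery-compost.today:443/connect?ref=gh
Project site: https://openclaw.ai/
Not on the list: https://token-claw.xyz.example.com/
"""

if __name__ == "__main__":
    for url, host in blocked_urls(SAMPLE):
        print(f"BLOCKED {host}  {url}")
```

Matching on the parsed hostname with a dot-anchored suffix check catches subdomains of the blocked domains without flagging unrelated hosts that merely contain the same string.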
The phishing campaign exploits the heightened visibility of OpenClaw, which surged in popularity after OpenAI CEO Sam Altman announced that OpenClaw creator Peter Steinberger would lead its push into personal AI agents. The project has since transitioned to a foundation-run open-source model.
In response to this and past scams, OpenClaw creator Peter Steinberger has enforced a strict anti-crypto policy. He has repeatedly warned that the project will never launch a cryptocurrency, stating on X, "I will never do a coin. Any project that lists me as coin owner is a scam." The project's official Discord server bans all discussions of Bitcoin and other cryptocurrencies, a policy stemming from a previous scam involving a Solana-based token called $CLAWD that briefly reached a $16 million market cap before crashing after Steinberger denied any involvement.