Phishing scams using fake OpenClaw repos exploit developer trust to steal crypto through wallet connection prompts.
A new phishing campaign is targeting developers by impersonating the OpenClaw project on GitHub. Attackers are exploiting trust within the developer community to spread malicious links and steal crypto assets. Reports show the scheme uses fake repositories, cloned websites, and false token rewards to lure victims. Security experts warn that the operation is ongoing and may still be expanding.
Malicious OpenClaw Clones Trick Users Into Connecting Wallets
Threat actors are running a phishing campaign impersonating the OpenClaw project on GitHub. According to OX Security, attackers create fake accounts and open issue threads in repositories they control, tagging multiple developers. These posts falsely claim that recipients have been selected to receive $5,000 worth of “CLAW” tokens.
Targets are urged to click a link and connect their crypto wallets to claim the reward. However, the link leads to a website that closely mirrors OpenClaw’s official platform. The malicious version includes a “Connect your wallet” prompt designed to gain access to users’ crypto assets.
Once a wallet is connected, attackers can potentially drain funds. The campaign relies on social engineering tactics, using familiar GitHub features such as issue threads and developer tags to appear credible and increase engagement.
OX Security also noted that the phishing attempt extends beyond GitHub. Attackers distribute emails promoting the same links, often presenting them as tools or extensions related to the OpenClaw ecosystem. This approach adds another layer of deception, making the scheme harder to identify at first glance.
Rising OpenClaw Popularity Fuels Targeted Crypto Phishing Attacks
The full scope of the phishing campaign remains uncertain, with researchers warning that additional developers may still be at risk as the operation continues. Coinciding with OpenClaw’s rapid growth in adoption, the campaign’s timing appears strategic.
OpenClaw has gained significant traction among developers and small businesses. Its GitHub repository has surpassed 324,000 stars and ranks among the most popular globally.
Visibility for OpenClaw has also increased following Peter Steinberger’s recent move to OpenAI. Despite the heightened attention, the project continues to operate as a non-commercial, open-source initiative and does not conduct token-related promotions.
Steinberger has publicly warned users about the phishing attempts. He stated that any crypto-related outreach linked to OpenClaw should be treated as a scam. According to him, the project does not run token promotions or giveaways.
Folks, if you get crypto emails from websites claiming to be associated with openclaw, it's ALWAYS a scam.
We would never do that. The project is open source and non-commercial. Use the official website. Be sceptical of folks trying to build commercial wrappers on top of it.
— Peter Steinberger 🦞 (@steipete) March 18, 2026
OX Security advises users to block known malicious domains such as token-claw[.]xyz and watery-compost[.]today. Developers should also treat unexpected GitHub issue mentions and token offers with caution.
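The blocking and caution advice above can be applied as a triage check over GitHub notification or e-mail bodies. The following is an added example, not code from OX Security or the OpenClaw project; the lure phrase list, the mention threshold of 5 and the sample bodies are assumptions, and only the two domains come from the article.

```python
import re
from urllib.parse import urlsplit

# Domains named in the article, kept defanged in source and refanged at load.
BLOCKED = {d.replace("[.]", ".") for d in ("token-claw[.]xyz", "watery-compost[.]today")}
# Lure wording based on the article's description; the phrase list is an assumption.
LURE = re.compile(r"claw\W+tokens?|connect\s+(?:your\s+)?(?:crypto\s+)?wallet|\$\s?5,?000", re.I)
URL = re.compile(r"https?://[^\s<>()\[\]\"']+", re.I)
MENTION = re.compile(r"(?<![\w/.])@([A-Za-z0-9][A-Za-z0-9-]{0,38})")

def refang(text):
    """Undo common defanging so hxxp://a[.]b is parsed like a live link."""
    return re.sub(r"hxxp", "http", text, flags=re.I).replace("[.]", ".")

def host_is_blocked(host):
    """Match a blocked domain or any of its subdomains, never a look-alike."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED)

def triage(body, mention_threshold=5):
    """Return a verdict for one issue or e-mail body (threshold is assumed)."""
    text = refang(body)
    hosts = set()
    for url in URL.findall(text):
        try:  # .hostname ignores userinfo and port, so a@b tricks do not match
            hosts.add(urlsplit(url.rstrip(".,;:!?")).hostname or "")
        except ValueError:
            continue  # malformed URL, nothing to compare
    blocked = sorted(h for h in hosts if host_is_blocked(h))
    mentions = {m.lower() for m in MENTION.findall(text)}
    lure = bool(LURE.search(text))
    if blocked:
        verdict = "block"
    elif lure and (any(hosts) or len(mentions) >= mention_threshold):
        verdict = "suspicious"
    else:
        verdict = "ok"
    return {"verdict": verdict, "blocked_hosts": blocked,
            "mentions": len(mentions), "lure": lure}

# Constructed sample bodies (not captured from the campaign).
SAMPLES = [
    "@dev1 @dev2 @dev3 @dev4 @dev5 you were selected for $5,000 of CLAW tokens, "
    "connect your wallet at hxxps://claim.token-claw[.]xyz/reward",
    "@dev1 @dev2 claim CLAW tokens: https://rewards.example.net/claim",
    "Build fails on main, see https://ci.example.org/run/42 cc @maintainer",
]
if __name__ == "__main__":
    print([triage(s)["verdict"] for s in SAMPLES])
```

The suffix match covers subdomains of the listed domains without flagging hosts that merely contain the same string.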



