A coordinated phishing campaign has targeted developers connected to OpenClaw, with attackers using fake GitHub activity and cloned websites to steal cryptocurrency wallets, according to a report published Wednesday by OX Security.
The campaign relies on social engineering tactics that mimic legitimate developer outreach. It combines GitHub issue threads, fake reward claims, and a near-identical copy of the OpenClaw website to trick users into connecting their wallets.
Fake GitHub activity used to lure developers
Researchers at OX Security identified a pattern where threat actors created multiple GitHub accounts and opened issue threads in repositories under their control. These posts tagged dozens of developers to increase visibility and credibility.
One of the messages stated:
“Appreciate your contributions on GitHub. We analyzed profiles and chose developers to get OpenClaw allocation.”
The post then claimed recipients had won $5,000 worth of CLAW tokens and directed them to a website to claim the reward.
The attackers designed the outreach to appear relevant. OX Security assessed that the threat actors may have used GitHub’s star feature to identify users who interacted with OpenClaw repositories. That method allowed them to target developers already familiar with the project.
The GitHub accounts used in the campaign were created shortly before the attack and removed within hours after activity began. At the time of publication, there were no confirmed reports of affected users.
Clone website hides wallet-draining mechanism
The phishing site closely resembled the official OpenClaw platform but included a critical modification. A “Connect your wallet” button prompted users to link their crypto wallets.
Once a wallet was connected, the page was able to drain it. The malicious page supported several widely used wallets, including MetaMask, Trust Wallet, OKX Wallet, Bybit Wallet, and WalletConnect.
OX Security’s technical analysis found that the wallet-stealing logic was embedded in an obfuscated JavaScript file named “eleven.js.” The code masked its intent and made detection more difficult during casual inspection.
The malware tracked user actions through commands such as PromptTx, Approved, and Declined. It collected sensitive information, including wallet addresses, transaction values, and user identifiers, and sent it to a command-and-control server hosted on watery-compost[.]today.
Researchers also identified a “nuke” function within the code. This feature removed traces from the browser’s local storage, which complicated forensic analysis after the attack.
One wallet address, 0x6981E9EA7023a8407E4B08ad97f186A5CBDaFCf5, was flagged as likely controlled by the attacker and used to receive stolen funds.
Campaign tied to OpenClaw’s rapid rise
The phishing activity emerged as OpenClaw gained traction among developers. The project has seen rapid adoption and a surge in visibility following its transition into a foundation-run open-source initiative.
Its creator, Peter Steinberger, has taken a strict stance against cryptocurrency-related promotions linked to the project. He warned users publicly that any crypto-themed outreach using the OpenClaw name should be treated as fraudulent.
“Folks, if you get crypto emails from websites claiming to be associated with OpenClaw, it's ALWAYS a scam,” Steinberger wrote on X.
The warning reflects earlier incidents tied to the project’s rebranding, when a separate token campaign appeared and later collapsed after Steinberger denied involvement.
The project’s growing association with major technology players has also increased its exposure. Sam Altman previously announced that Steinberger would lead efforts related to personal AI agents, which brought additional attention to OpenClaw’s ecosystem.
Technical indicators show deliberate targeting
OX Security’s findings suggest the campaign did not rely on random outreach. Instead, attackers appeared to select developers with prior engagement in OpenClaw-related repositories.
Moshe Siman Tov Bustan, a research team lead at OX Security, said that the campaign showed similarities to earlier attacks linked to blockchain ecosystems. He said the team continues to analyze possible connections between incidents.
The infrastructure behind the attack included redirect links such as linkshare[.]google URLs that forwarded users to the phishing domain token-claw[.]xyz. This step added another layer of obfuscation.
The campaign also extended beyond GitHub in some cases, with reports indicating email outreach designed to resemble legitimate developer communications.
Security recommendations issued
OX Security has urged developers to block the domains token-claw[.]xyz and watery-compost[.]today across their environments. The firm also advised against connecting crypto wallets to newly surfaced or unverified websites.
Users who may have interacted with the phishing site should review wallet permissions and revoke any suspicious approvals immediately.
The company emphasized that GitHub issues promoting token giveaways or airdrops should be treated with caution, particularly when posted by unknown accounts.
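As an added example (not code from OX Security or the article), the following script applies the blocking advice above to a set of constructed web-proxy log lines: it refangs the two indicator domains named in the report, flags any request to those domains or their subdomains, and also checks a list of constructed outgoing transactions against the flagged wallet address. The log format and transaction records are assumptions for illustration.

```python
import re

# Indicators as quoted on this page, kept in defanged form.
IOC_DOMAINS = {"token-claw[.]xyz", "watery-compost[.]today"}
IOC_WALLET = "0x6981E9EA7023a8407E4B08ad97f186A5CBDaFCf5"

_HOST_RE = re.compile(r"https?://([^/\s:?#]+)", re.IGNORECASE)


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'token-claw[.]xyz' into a matchable hostname."""
    return indicator.replace("[.]", ".").lower()


def matches_ioc_domain(host: str) -> bool:
    """True if host equals one of the indicator domains or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in map(refang, IOC_DOMAINS))


def scan_proxy_log(lines):
    """Return (line_no, host) for every request whose destination matches an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _HOST_RE.search(line)
        if m and matches_ioc_domain(m.group(1)):
            hits.append((n, m.group(1).lower()))
    return hits


def flag_outflows(txs):
    """Return tx ids whose recipient is the flagged wallet (hex addresses compare case-insensitively)."""
    return [tx["id"] for tx in txs if tx["to"].lower() == IOC_WALLET.lower()]


# Constructed sample proxy log (assumed format: timestamp user method url).
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z alice GET https://github.com/openclaw/openclaw/issues/1",
    "2024-01-01T10:00:05Z alice GET https://linkshare.google/abc123",
    "2024-01-01T10:00:06Z alice GET https://token-claw.xyz/claim?ref=github",
    "2024-01-01T10:00:20Z alice POST https://watery-compost.today/collect",
    "2024-01-01T10:00:21Z alice GET https://www.token-claw.xyz/eleven.js",
]

# Constructed sample transactions (not real chain data).
SAMPLE_TXS = [
    {"id": "tx1", "to": "0x0000000000000000000000000000000000000001"},
    {"id": "tx2", "to": IOC_WALLET.lower()},
]

if __name__ == "__main__":
    print(scan_proxy_log(SAMPLE_LOG))  # [(3, 'token-claw.xyz'), (4, 'watery-compost.today'), (5, 'www.token-claw.xyz')]
    print(flag_outflows(SAMPLE_TXS))   # ['tx2']
```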
The incident highlights a recurring pattern in the crypto ecosystem, where high-visibility projects attract malicious campaigns that exploit trust within developer communities.