A phishing campaign is targeting developers through fake OpenClaw token offers. The attack highlights growing security risks as AI-linked crypto narratives attract both users and malicious actors.
Cybersecurity firm OX Security reported that attackers created fraudulent GitHub accounts and repositories to distribute the scheme. Victims were tagged in issue threads and told they were eligible for $5,000 in “CLAW” tokens, then directed to a cloned website designed to prompt wallet connections and drain funds.
Are AI-Linked Crypto Projects Becoming Phishing Targets?
The campaign exploits the rapid rise of OpenClaw, which has accumulated more than 324,000 GitHub stars, ranking among the most followed repositories globally. Its growing visibility has coincided with broader trends where high-traction developer tools become vectors for wallet-based attacks, similar to prior exploits tied to NFT minting and token airdrops.
Attackers distributed malicious links through both GitHub and email outreach, presenting them as legitimate ecosystem tools or extensions. According to OX Security, the phishing site closely mirrored the official interface, with the only functional difference being a wallet connection prompt engineered to trigger unauthorized transactions.
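The lure pattern OX Security describes (mass tagging in an issue thread, a token reward offer, a link to an off-site clone) can be triaged from notification text. The following is an added example, not code from OX Security or the OpenClaw project; the allowlisted hosts, thresholds, and sample issues are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts your team treats as official. Placeholders, not from the article.
ALLOWED_HOSTS = {"github.com", "official-project.example"}
LURE_TERMS = re.compile(r"\b(airdrop|claim|eligible|reward|tokens?|wallet)\b", re.I)
AMOUNT = re.compile(r"\$\s?\d[\d,]*")
MENTION = re.compile(r"(?<![\w/])@([A-Za-z0-9-]{1,39})")  # skips e-mail addresses
URL = re.compile(r"https?://[^\s)>\]]+", re.I)

def external_hosts(text):
    """Return link hosts that are neither an allowed host nor a subdomain of one."""
    hosts = set()
    for url in URL.findall(text):
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        # Suffix match on ".allowed" so "github.com.evil.example" is not trusted.
        if host and not any(host == a or host.endswith("." + a) for a in ALLOWED_HOSTS):
            hosts.add(host)
    return hosts

def triage(issue, mention_threshold=5, flag_at=3):
    """Score one issue (dict with 'title' and 'body') against the lure signals."""
    text = issue["title"] + "\n" + issue["body"]
    signals = []
    terms = sorted({t.lower() for t in LURE_TERMS.findall(text)})
    if len(terms) >= 2:
        signals.append("reward language: " + ", ".join(terms))
    if AMOUNT.search(text):
        signals.append("dollar amount offered")
    mentions = set(MENTION.findall(text))
    if len(mentions) >= mention_threshold:
        signals.append(f"mass tagging: {len(mentions)} accounts")
    hosts = external_hosts(text)
    if hosts:
        signals.append("off-allowlist links: " + ", ".join(sorted(hosts)))
    return {"flag": len(signals) >= flag_at, "signals": signals}

# Constructed samples: one lure shaped like the campaign, one ordinary bug report.
LURE = {"title": "CLAW token allocation",
        "body": "@dev-one @dev-two @dev-three @dev-four @dev-five you are eligible "
                "for $5,000 in CLAW tokens. Connect your wallet to claim: "
                "https://claw-rewards.example/claim"}
BENIGN = {"title": "Crash on startup",
          "body": "Traceback attached, see "
                  "https://github.com/example-org/example-repo/issues/1 cc @maintainer"}

if __name__ == "__main__":
    for sample in (LURE, BENIGN):
        print(sample["title"], "->", triage(sample))
```

A flagged issue is a candidate for reporting and for blocking the linked host, not proof of phishing; the keyword list needs tuning against a team's real notification traffic.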
“Folks, if you get crypto emails from websites claiming to be associated with OpenClaw, it’s ALWAYS a scam,” said Peter Steinberger in a public warning.
He emphasized that the project is non-commercial and does not conduct token promotions or reward campaigns.
Folks, if you get crypto emails from websites claiming to be associated with openclaw, it's ALWAYS a scam.
— Peter Steinberger 🦞 (@steipete) March 18, 2026
We would never do that. The project is open source and non-commercial. Use the official website. Be sceptical of folks trying to build commercial wrappers on top of it.
Still, the incident reflects a broader convergence between AI developer ecosystems and crypto-native attack surfaces, where wallet connectivity introduces immediate financial risk. Security teams will monitor whether increased adoption of AI tooling leads to a parallel rise in targeted phishing campaigns and stricter safeguards around developer identity and distribution channels.