Threat actors are actively exploiting OpenClaw’s viral popularity to run a phishing campaign that targets developers on GitHub with lures of free crypto tokens.

According to a disclosure by OX Security, the campaign involves fake “CLAW” token airdrops that promise thousands of dollars in rewards. Developers are being tricked into malicious GitHub repositories and discussions, and eventually redirected to convincingly cloned websites that prompt them to connect their crypto wallets.

“The threat actor opens issues in attacker-controlled repositories and tags GitHub users to maximize visibility and reach,” OX researchers said in a blog post. “The linked site is an almost identical clone of openclaw.ai, with one key difference: it adds a ‘connect your wallet’ button designed to initiate wallet theft.”

The researchers said that the threat actor created multiple accounts for the campaign and deleted all of them a few hours after the campaign began. Analysis suggested no users have yet been affected by the campaign.

GitHub is used for delivery

The campaign moves phishing inside GitHub workflows, a tactic that is not commonly seen. Attackers created or hijacked repositories, seeded them with attractive content, and amplified reach by tagging developers or engaging in discussions to boost visibility.

The campaign uses a social engineering layer, which includes legitimate-looking issues, pull requests, and repo mentions, to bypass suspicion. GitHub was presumably chosen to exploit developer trust, since developers are more likely to click through a lure spread within a familiar environment.

Victims are first pulled in via GitHub issues that read, “Appreciate for your contributions on GitHub. We analyzed profiles and chose developers to get OpenClaw allocation.” The message is framed as a limited-time token giveaway of $5000 worth of CLAW tokens, directing them to collect the tokens by visiting the malicious site. “We assess that the attackers may be using GitHub’s star feature to identify users who starred OpenClaw-related repositories and target them specifically, making the phishing campaign appear more credible and relevant to recipients,” the researchers added.

CLAW isn’t a legitimate token and is being promoted as a new launch in the scam narrative. In fact, OpenClaw developer Peter Steinberger has explicitly said in the past that the project will never issue tokens and any claim otherwise is a scam.

Smart, obfuscated malware code

According to OX, the malicious phishing and wallet-stealing code is “highly obfuscated” and resides within the “eleven.js” JavaScript file in the repository.

The threat actor used “watery-compost[.]today” to host a C2 server to collect information (including wallet address, transaction value, and name) and drain wallets once they were connected. Commands used by the C2 include PromtTx, Approved, and Declined. Additionally, the malware code includes a “nuke” function that deletes wallet-stealing information from the browser’s local storage to avoid detection and forensics, the researchers added.

The address “0x6981E9EA7023a8407E4B08ad97f186A5CBDaFCf5” was extracted from the code and identified as the threat actor’s wallet used to receive stolen cryptocurrency. The phishing page (“token-claw[.]xyz”) was said to support multiple crypto wallets, including WalletConnect, MetaMask, Trust Wallet, OKX Wallet, and Bybit Wallet.

OX researchers recommended blocking the phishing domain from all environments, refraining from connecting crypto wallets to untrusted websites, and treating token giveaway issues from unknown sources as suspicious. Users should also review any recent wallet connections associated with the campaign and revoke all approvals immediately to stay protected.
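The following script is an added example of how a defender might act on the indicators and the lure wording reported above; it is not OX Security's tooling and the GitHub issue text and DNS log lines it scans are constructed samples, not real telemetry. It flags issue or comment bodies that carry the campaign's domains, the attacker wallet address, or two or more of the quoted lure phrases, and it flags DNS queries for the phishing and C2 domains (including subdomains), so the same indicators can be hunted in both places. The log line format (`timestamp client=... query=...`) is an assumption chosen for the example.

```python
"""Hunt for the OpenClaw 'CLAW airdrop' phishing indicators in GitHub issue
text and DNS query logs. Example code added alongside the article; the IoCs
come from the OX Security disclosure, the sample data below is constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators as reported in the disclosure. Domains are kept defanged
# ("[.]") so the file is safe to share; refang() normalises them for matching.
IOC_DOMAINS = {"watery-compost[.]today", "token-claw[.]xyz"}
IOC_WALLETS = {"0x6981E9EA7023a8407E4B08ad97f186A5CBDaFCf5"}

# Phrases from the lure issue quoted in the article, matched case-insensitively.
LURE_PHRASES = (
    "appreciate for your contributions",
    "openclaw allocation",
    "claw token",
    "connect your wallet",
)


def refang(domain: str) -> str:
    """Turn a defanged domain ('a[.]b') back into its real form ('a.b')."""
    return domain.replace("[.]", ".")


@dataclass
class Finding:
    source: str      # where it was seen: an issue URL, a client IP, ...
    kind: str        # "domain" | "wallet" | "lure"
    indicator: str
    severity: str    # "high" for hard IoCs, "medium" for lure wording alone


def scan_issue(source: str, body: str) -> list[Finding]:
    """Flag a GitHub issue/comment body carrying campaign IoCs or lure wording."""
    findings: list[Finding] = []
    text = body.lower()
    for d in sorted(IOC_DOMAINS):
        if refang(d) in text or d in text:        # accept fanged or defanged form
            findings.append(Finding(source, "domain", refang(d), "high"))
    for w in IOC_WALLETS:
        if w.lower() in text:                     # hex address: case-insensitive
            findings.append(Finding(source, "wallet", w, "high"))
    matched = [p for p in LURE_PHRASES if p in text]
    # Two or more lure phrases together is treated as a giveaway lure even
    # when no hard indicator is present (the attacker can change domains).
    if len(matched) >= 2:
        findings.append(Finding(source, "lure", "; ".join(matched), "medium"))
    return findings


# Assumed log format for the example: "<ts> client=<ip> query=<name> ..."
DNS_LINE = re.compile(r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<qname>\S+)")


def scan_dns_log(lines) -> list[Finding]:
    """Flag DNS queries for the phishing/C2 domains or any of their subdomains."""
    bad = sorted(refang(d) for d in IOC_DOMAINS)
    findings: list[Finding] = []
    for line in lines:
        m = DNS_LINE.match(line)
        if not m:
            continue                              # skip lines in another format
        qname = m.group("qname").rstrip(".").lower()
        for d in bad:
            if qname == d or qname.endswith("." + d):
                findings.append(Finding(m.group("client"), "domain", d, "high"))
    return findings


# Constructed sample data for a self-check; not real telemetry.
SAMPLE_ISSUE = (
    "Appreciate for your contributions on GitHub. We analyzed profiles and "
    "chose developers to get OpenClaw allocation. Claim your $5000 in CLAW "
    "tokens at hxxps://token-claw[.]xyz before the allocation closes."
)
SAMPLE_DNS = [
    "2026-02-05T10:00:01Z client=10.0.0.5 query=token-claw.xyz. type=A",
    "2026-02-05T10:00:02Z client=10.0.0.5 query=api.watery-compost.today type=A",
    "2026-02-05T10:00:03Z client=10.0.0.7 query=github.com type=A",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for f in scan_issue("repo/issues/1", SAMPLE_ISSUE) + scan_dns_log(SAMPLE_DNS):
        print(f"[{f.severity}] {f.kind:6} {f.indicator}  <- {f.source}")
```

Wire `scan_issue` to the notification feed or the GitHub API for mentions of your organisation's accounts, and feed `scan_dns_log` with resolver or proxy logs; a "domain" or "wallet" finding is a hard hit worth blocking and investigating, while a "lure" finding on its own is a prompt to look at the issue before anyone clicks through.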
