GitHub Phishing Campaign Targeting OpenClaw Developers Exploits Fake Airdrops to Steal Cryptocurrency Wallet Funds

Mars Finance reports that according to market sources, security platform OX Security disclosed that developers of the AI agent project OpenClaw are becoming targets of cryptocurrency phishing activities. Attackers created fake GitHub accounts, initiated issues in repositories under their control, @-mentioned dozens of developers, claiming they had won a $5,000 CLAW token reward, and directed victims to a clone website nearly identical to openclaw.ai. This phishing site added a “Connect Wallet” button aimed at stealing connected wallet assets. Malicious code was hidden in deeply obfuscated JavaScript files, equipped with a “nuke” function to clear browser local storage data to hinder forensic analysis, and encoded wallet addresses, transaction amounts, and other information sent back to C2 servers. Researchers identified a suspicious crypto wallet address likely used to receive stolen funds. The related account was created last week and deleted within hours; no victims have been confirmed so far. Due to its high profile, OpenClaw has become a target for scammers, and its Discord community has previously been flooded with cryptocurrency spam. Previously, the OpenClaw founder warned users to beware of phishing emails impersonating OpenClaw requesting cryptocurrency transfers.