A GitHub phishing campaign targeting OpenClaw developers used fake airdrops to steal funds from cryptocurrency wallets.

PANews reported on March 19th that, according to Decrypt, security platform OX Security disclosed that developers of the AI ​​agent project OpenClaw are being targeted by cryptocurrency phishing campaigns. Attackers created fake GitHub accounts, started issues in attacker-controlled repositories, and tagged dozens of developers, claiming they had won a $5,000 CLAW token reward, then redirected them to a clone website that was almost identical to openclaw.ai. This phishing website had an additional "Connect Wallet" button, designed to steal assets from connected wallets.

The malicious code was hidden in a deeply obfuscated JavaScript file, featuring a "nuke" function that clears browser local storage data to hinder forensic analysis. It also encoded information such as wallet addresses and transaction values ​​before sending them back to a C2 server. Researchers identified a suspected encrypted wallet address used to receive the stolen funds. The account was created last week and deleted within hours; no victims have been confirmed yet. OpenClaw, due to its high profile, has become a target for scammers, and its Discord community has previously been flooded with cryptocurrency spam.

Previously, the founder of OpenClaw warned against cryptocurrency scam emails sent under the guise of OpenClaw .