Openclaw phishing scam targets developers' wallets

Grafa
Written by Jon Cuthbert

A phishing campaign targeting Openclaw developers is spreading through GitHub, attempting to trick users into connecting crypto wallets and exposing funds to theft.

Cybersecurity firm OX Security said attackers are impersonating the Openclaw ecosystem using fake GitHub accounts and offering $5,000 in fraudulent CLAW token airdrops.

“Connecting a wallet to the site can result in funds being drained,” said OX Security researchers Moshe Siman Tov Bustan and Nir Zadok.

The scam directs users to a fake website mimicking openclaw.ai, where a wallet connection prompt triggers malicious code designed to extract wallet data and initiate unauthorised transactions.

Technical analysis shows the attack uses a redirect chain to token-claw(.)xyz and a command-and-control server at watery-compost(.)today, with embedded scripts collecting sensitive user information.

Researchers said the campaign relies on targeted social engineering, likely focusing on developers who previously interacted with Openclaw repositories to increase engagement rates.

The warning comes as Openclaw gains traction among developers, with additional concerns raised by CertiK over a separate vulnerability that could bypass the platform’s sandbox system.

