According to cybersecurity company OX Security, the popularity of OpenClaw has led to the emergence of a phishing campaign aimed at stealing cryptocurrency from developers.
According to cybersecurity company OX Security, the popularity of OpenClaw has led to the emergence of a phishing campaign aimed at stealing cryptocurrency from developers.
OX noted that the attackers created fake GitHub accounts, opened discussion threads in controlled repositories, and tagged dozens of developers, claiming that they had been selected to receive $5,000 in CLAW tokens, The Block writes .
The attackers directed victims to a malicious website, forcing them to connect their wallets to receive fake rewards. According to OX, the website was an almost identical clone of the official OpenClaw website, but with one critical addition: a “Connect your wallet” button designed to steal the wallet’s contents.
OX noted that the campaign was spread through GitHub repositories and email mailings to pass off malicious resources as official extensions or tools related to the OpenClaw ecosystem.
The full scale of this activity is currently unknown.
The phishing campaign coincided with the rapid growth of OpenClaw's popularity among developers and small businesses looking to automate their workflows. As of today, the OpenClaw page on GitHub has amassed over 324,000 stars, ranking it ninth among all repositories in the world.
OpenClaw creator Peter Steinberger recently warned users that any cryptocurrency-related offers that mention OpenClaw should be considered fraudulent.
“Friends, if you receive emails about crypto from sites that are supposedly affiliated with OpenClaw, it is ALWAYS a scam,” Steinberger wrote on Wednesday on the X network. He added that the project is non-profit and would never conduct such promotions.
OX also advised users to block the malicious domains token-claw[.]xyz and watery-compost[.]today, and to treat any GitHub branches offering free token giveaways as suspicious.
