OpenClaw developers targeted in GitHub phishing scam offering fake token airdrops

Tech Share Share this article Copy link X icon X (Twitter) LinkedIn Facebook Email OpenClaw developers targeted in GitHub phishing scam offering fake token airdrops Security researchers said attackers are impersonating OpenClaw on GitHub, luring developers with bogus CLAW token giveaways that trick users into connecting their crypto wallets. By Olivier Acuna | Edited by Sheldon Reback Mar 19, 2026, 3:45 p.m. Make us preferred on Google OX Security said scammers are targeting OpenClaw developers on GitHub. (Credit: Max Bender/Unsplash/Modified by CoinDesk) What to know : Attackers are targeting OpenClaw developers on GitHub and luring victims with fake $5,000 CLAW token giveaways that lead to wallet-draining sites. The phishing pages closely mimic the real OpenClaw website but add prompts to connect major crypto wallets like MetaMask, WalletConnect and Trust Wallet, enabling malicious transactions once users approve access. The campaign builds on a series of crypto-related scams exploiting OpenClaw's name, which previously prompted founder Peter Steinberger to ban all crypto discussion on the project's Discord after a fake token briefly reached a $16 million market cap. OpenClaw developers on GitHub, a platform for collaboration and version control, are being targeted in a phishing campaign using fake token giveaways to lure victims into connecting crypto wallets that can then be drained. The attackers created bogus GitHub accounts and tagged developers in issue threads, claiming they had been selected to receive roughly $5,000 worth of CLAW tokens, Tel Aviv-based cybersecurity company OX Security said in a blog post on Wednesday. The attackers' posts link to a near-identical clone of the OpenClaw website, but with a key addition: a prompt to connect a crypto wallet. Once a wallet is connected, malicious code can trigger transactions or approvals that allow attackers to siphon funds. The phishing page supports major wallets including MetaMask, WalletConnect and Trust Wallet, widening the potential impact, OX said. The campaign highlights an increasingly common attack vector in crypto: social engineering paired with wallet connection requests, often disguised as airdrops or developer rewards. By targeting GitHub users who interacted with OpenClaw-related repositories, the attackers made the outreach appear more credible. OpenClaw is an open-source AI agent framework and developer tool that has recently attracted attention, and controversy, over crypto-related scams exploiting its name. Peter Steinberger, the founder of OpenClaw, said last month he was about to delete the entire codebase because of crypto. "I didn't know that they're not just good at harassment, they are also really good at using scripts and tools." His statement followed a blanket ban he imposed on any mention of crypto, including bitcoin BTC $ 69,216.55 , in the project's Discord after scammers in January hijacked OpenClaw's old accounts. The hackers promoted a fake CLAWD token that briefly hit a $16 million market cap before collapsing after Steinberger When Steinberger publicly denied any involvement. More For You Bitcoin’s quantum threat is real, but far from an existential crisis, Galaxy says By Will Canny , AI Boost 5 hours ago Developers are already working to address quantum risks, and investors shouldn’t mistake a long-term challenge for an immediate threat, according to Galaxy Digital’s head of research Alex Thorn. What to know : Galaxy's Alex Thorn said the quantum threat to Bitcoin is real but limited today, affecting only certain exposed wallets and not current network security. Developers are already working on multiple solutions, including quantum-resistant addresses and phased upgrade proposals. Investors should view quantum risk as a long-term technical challenge, not a reason to avoid bitcoin today, Thorn said. Read full story Latest Crypto News Crypto for Advisors: Bitcoin’s price discovery 45 minutes ago ECB seeks experts to help integrate digital euro into ATMs, card payment terminals 59 minutes ago Bitcoin $20,000 put option is third most popular strike ahead of quarterly expiry 1 hour ago Major League Baseball signs prediction markets pacts with CFTC, Polymarket 1 hour ago CoinDesk 20 performance update: NEAR Protocol (NEAR) drops 3.3%, leading index lower 2 hours ago Browser maker Opera seeks 160 million CELO stake to become key network stakeholder 2 hours ago Top Stories Coinbase faces a multibillion-dollar threat from D.C. but a 'rewards' loophole could protect its stablecoin revenue 3 hours ago Bitcoin slips below $70,000 as oil surge, Fed pause weigh on risk assets 5 hours ago Crypto.com cuts 12% of staff as it integrates AI across the business for efficiency 4 hours ago Capital is shifting into digital dollars as bitcoin wilts 4 hours ago SEC approves Nasdaq's move to support tokenized securities trading 19 hours ago Bitcoin OGs dump over $100 million in BTC after hawkish Fed dents rate cut hopes 8 hours ago