OpenClaw builders on GitHub, a platform for collaboration and model management, are being focused in a phishing marketing campaign utilizing faux token giveaways to lure victims into connecting crypto wallets that may then be drained.
The attackers created bogus GitHub accounts and tagged builders in concern threads, claiming they’d been chosen to obtain roughly $5,000 value of CLAW tokens, Tel Aviv-based cybersecurity firm OX Safety mentioned in a weblog submit on Wednesday.
The attackers’ posts hyperlink to a near-identical clone of the OpenClaw web site, however with a key addition: a immediate to attach a crypto pockets. As soon as a pockets is linked, malicious code can set off transactions or approvals that permit attackers to siphon funds. The phishing web page helps main wallets together with MetaMask, WalletConnect and Belief Pockets, widening the potential impression, OX mentioned.
The marketing campaign highlights an more and more widespread assault vector in crypto: social engineering paired with pockets connection requests, usually disguised as airdrops or developer rewards. By concentrating on GitHub customers who interacted with OpenClaw-related repositories, the attackers made the outreach seem extra credible.
OpenClaw is an open-source AI agent framework and developer software that has lately attracted consideration, and controversy, over crypto-related scams exploiting its title.
Peter Steinberger, the founding father of OpenClaw, mentioned final month he was about to delete the complete codebase due to crypto. “I did not know that they don’t seem to be simply good at harassment, they’re additionally actually good at utilizing scripts and instruments.”
His assertion adopted a blanket ban he imposed on any point out of crypto, together with bitcoin , within the venture’s Discord after scammers in January hijacked OpenClaw’s previous accounts. The hackers promoted a faux CLAWD token that briefly hit a $16 million market cap earlier than collapsing after Steinberger When Steinberger publicly denied any involvement.