Cybersecurity researchers have uncovered an active phishing campaign targeting developers by exploiting the growing popularity of the OpenClaw project, with attackers using fake GitHub activity to lure victims into connecting their crypto wallets.
According to a report published by OX Security, threat actors are creating fraudulent GitHub accounts and opening issue threads in attacker-controlled repositories. These posts tag dozens of developers to maximize visibility and engagement, increasing the likelihood of successful attacks.
The phishing messages claim that targeted users have been selected to receive $5,000 worth of CLAW tokens as a reward for their GitHub contributions
Victims are then directed to a malicious website that closely mimics the official OpenClaw platform. The fake site includes a “Connect your wallet” feature, which is designed to initiate unauthorized access and drain funds from users’ crypto wallets.
Researchers noted that the attackers are leveraging social engineering tactics to enhance credibility. In one observed message, the threat actors wrote, “Appreciate your contributions on GitHub
We analyzed profiles and chose developers to get OpenClaw allocation,” attempting to create a sense of exclusivity and legitimacy.
The campaign is reportedly spreading through GitHub’s issue tracking system, with attackers potentially identifying targets by analyzing users who have starred repositories related to OpenClaw. This targeted approach increases the chances that recipients will trust the message.
The phishing site supports multiple popular wallets, including MetaMask, Trust Wallet, and OKX Wallet, allowing attackers to cast a wide net across the crypto ecosystem.
Security experts have urged developers and crypto users to remain cautious when interacting with unsolicited GitHub messages, particularly those promoting token giveaways or airdrops
Users are advised to avoid connecting wallets to unverified websites, block malicious domains, and review recent wallet permissions for suspicious activity.
The incident highlights the increasing overlap between open-source development platforms and crypto-related threats, as attackers continue to exploit trusted ecosystems to execute sophisticated phishing campaigns.
Your web3 identity + services + payments in one single link. Get your pay3.so link today.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
