A new phishing campaign is targeting developers linked to the OpenClaw project on GitHub, using fake token giveaways to trick users into exposing their crypto wallets. Security researchers have identified a coordinated effort in which attackers impersonate official project activity, making the scam appear credible to developers who are already interacting with OpenClaw repositories.
The attackers created fraudulent GitHub accounts and began tagging developers in issue threads, claiming they had been selected to receive thousands of dollars worth of tokens. These messages direct users to websites designed to closely resemble legitimate OpenClaw pages. Once users land on these sites, they are prompted to connect their crypto wallets under the pretense of claiming the reward.
The key risk emerges when users approve wallet access. By granting permissions, victims unknowingly allow malicious scripts to initiate transactions or approvals that can drain funds. The phishing pages support widely used wallets, increasing the scale and potential reach of the campaign. This method relies heavily on social engineering rather than technical exploits, making it harder for users to immediately recognize the threat.
The campaign highlights a growing pattern in the digital asset space where attackers combine familiarity with urgency. By targeting developers who are already engaged with a specific project, the messages appear more legitimate and reduce suspicion. The use of airdrops as bait continues to be a common tactic, especially as users are conditioned to expect rewards or incentives within blockchain ecosystems.
OpenClaw, an open source framework focused on AI agent development, has previously faced similar issues tied to misuse of its name in crypto related scams. Earlier incidents saw attackers promoting fake tokens linked to the project, creating confusion among users and developers. These events prompted stricter controls within the project’s communication channels to limit exposure to fraudulent activity.
The latest phishing attempt reflects how attackers are shifting their focus toward developer communities, where access to tools, repositories and technical discussions can be leveraged to increase credibility. GitHub, being a central hub for collaboration, has become a natural target for such campaigns as it allows attackers to directly interact with potential victims in trusted environments.
Security experts are advising developers to remain cautious when encountering unexpected messages offering rewards or token distributions. Verifying official communication channels and avoiding direct interaction with unverified links are critical steps in reducing exposure. As phishing tactics continue to evolve, awareness remains one of the most effective defenses against wallet draining attacks and identity based scams.
