The developers of OpenClaw, a popular open-source AI project, are facing a phishing attack involving counterfeit token rewards, with attackers luring users to connect their crypto wallets through GitHub.
According to OX Security, the attackers created fake GitHub accounts to post messages in repositories they control, tagging developers to increase visibility. These posts claim that recipients have won $5,000 worth of 'CLAW' tokens, a fictitious cryptocurrency unrelated to the project, aimed at tricking recipients into visiting a clone website.
This campaign directs users to a clone site resembling the official OpenClaw page and prompts them to connect their crypto wallets, a common phishing tactic designed to steal credentials or gain malicious approvals.
Reports on social media indicate that developers have become aware of this fraudulent activity, with many immediately labeling it a scam.
The founder of OpenClaw has warned users that the project will never launch any tokens, and any tokens claiming to be associated with him are fraudulent.
“I will never issue tokens. Any project listing me as a token owner is a scam,” Steinberger stated in a tweet on X in January.
This phishing activity marks yet another attempt by attackers to exploit OpenClaw's viral popularity.
OpenClaw was launched in November 2025, offering a free open-source autonomous AI agent capable of running locally on computers to manage files, software, and browser tasks through chat platforms like WhatsApp or Telegram.