GitHub phishing activities targeting OpenClaw developers exploit fake airdrops to steal cryptocurrency wallet funds

According to market news, the security platform OX Security has disclosed that the developers of the AI agent project OpenClaw are becoming targets of cryptocurrency phishing activities.

Attackers create fake GitHub accounts, initiate topics in repositories controlled by them, and @ dozens of developers, claiming they have won a $5000 CLAW token reward, leading them to a clone website that is almost identical to openclaw.ai. This phishing site includes a "Connect Wallet" button, aimed at stealing the assets of connected wallets. Malicious code is hidden in deeply obfuscated JavaScript files, featuring a "nuke" function that clears browser local storage data to hinder forensic analysis, and encodes information such as wallet addresses and transaction values to send back to the C2 server. Researchers identified a suspected cryptocurrency wallet address used to receive stolen funds. The related accounts were created last week and deleted within hours, with no confirmed victims at this time. OpenClaw has become a target for scammers due to its high visibility, and its Discord community has previously encountered a large amount of cryptocurrency spam. Earlier reports indicated that OpenClaw's founder warned to be cautious of cryptocurrency scam emails sent in the name of OpenClaw.