Developers of OpenClaw, a widely used open-source AI project, are being targeted by a phishing campaign on GitHub involving fake cryptocurrency token rewards. Cybersecurity firm OX Security reported the scam on Wednesday, noting no victims had been identified so far.
Attackers created fake GitHub accounts and posted messages in repositories they controlled, tagging developers to boost visibility. The posts falsely claimed recipients had won $5,000 worth of CLAW, a non-existent cryptocurrency, and directed them to a cloned website prompting crypto wallet connections — a common tactic used to steal credentials.
OpenClaw creator Peter Steinberger warned on X that any emails claiming association with the project are fraudulent. “We would never do that. The project is open source and non-commercial,” he said. In January, Steinberger had already stated he would never launch a coin.
Launched in November 2025, OpenClaw provides a free, locally run autonomous AI agent for managing files and browser tasks. The project has amassed over 465,000 X subscribers and banned crypto discussions in its official Discord channel in February.
Originally reported by CoinTelegraph.
