An OpenClaw developer has reportedly fallen victim to a sophisticated GitHub phishing attack that ta

OpenClaw Developers Targeted in Sophisticated Phishing Scam—Fake GitHub Issues, Clone Site, 'Nuke' Code

OpenClaw's popularity is drawing unwanted attention. Security firm OX Security reports that attackers are targeting its developers with a phishing campaign. Fake GitHub accounts opened issues on attacker-controlled repos, tagging dozens of devs and claiming they'd won $5,000 in CLAW tokens. The bait? A nearly perfect clone of openclaw.ai, except for one thing—a "Connect Wallet" button designed to drain whatever gets connected.

The malicious code was buried in heavily obfuscated JavaScript. It included a "nuke" function to wipe browser local storage and complicate forensics, while beaming wallet addresses and transaction data back to a C2 server. Researchers spotted a likely wallet for stolen funds. The GitHub accounts appeared last week and vanished within hours. No confirmed victims yet, but OpenClaw's Discord has already been drowning in crypto spam. High visibility comes with high risk.