An OpenClaw developer has reportedly fallen victim to a sophisticated GitHub phishing attack that ta
OpenClaw Developers Targeted in Sophisticated Phishing Scam—Fake GitHub Issues, Clone Site, 'Nuke' Code
OpenClaw's popularity is drawing unwanted attention. Security firm OX Security reports that attackers are targeting its developers with a phishing campaign. Fake GitHub accounts opened issues on attacker-controlled repos, tagging dozens of devs and claiming they'd won $5,000 in CLAW tokens. The bait? A nearly perfect clone of openclaw.ai, except for one thing—a "Connect Wallet" button designed to drain whatever gets connected.
The malicious code was buried in heavily obfuscated JavaScript. It included a "nuke" function to wipe browser local storage and complicate forensics, while beaming wallet addresses and transaction data back to a C2 server. Researchers spotted a likely wallet for stolen funds. The GitHub accounts appeared last week and vanished within hours. No confirmed victims yet, but OpenClaw's Discord has already been drowning in crypto spam. High visibility comes with high risk.
|
DISCLAIMER:
1. All content on this website (including but not limited to articles, data, charts, and analyses) is for general informational purposes only and does not constitute any form of investment advice, trading recommendation, or financial guidance. 2. Cryptocurrencies and digital assets are subject to extreme price volatility and high investment risk; you may lose part or all of your principal. Past performance does not predict future results. 3. The information on this website is based on sources we believe to be reliable, but we do not guarantee its accuracy, completeness, or timeliness. Any investment decisions made based on this website’s information are at your own risk. 4. We strongly recommend that you conduct your own thorough research and consult an independent, licensed financial advisor before making any investment decisions. |
Recommended reading
Latest News
