
Cybersecurity researchers have uncovered an active phishing campaign targeting developers by exploiting the growing popularity of the OpenClaw project, with attackers using fake GitHub activity to lure victims into connecting their crypto wallets.
According to a report published by OX Security, threat actors are creating fraudulent GitHub accounts and opening issue threads in attacker-controlled repositories. These posts tag dozens of developers to maximize visibility and engagement, increasing the likelihood of successful attacks.
The phishing messages claim that targeted users have been selected to receive $5,000 worth of CLAW tokens as a reward for their GitHub contributions.
Victims are then directed to a malicious website that closely mimics the official OpenClaw platform. The fake site includes a “Connect your wallet” feature, which is designed to initiate unauthorized access and drain funds from users’ crypto wallets.
Researchers noted that the attackers are leveraging social engineering tactics to enhance credibility. In one observed message, the threat actors wrote, “Appreciate your contributions on GitHub. We analyzed profiles and chose developers to get OpenClaw allocation,” attempting to create a sense of exclusivity and legitimacy.
The campaign is reportedly spreading through GitHub’s issue tracking system, with attackers potentially identifying targets by analyzing users who have starred repositories related to OpenClaw. This targeted approach increases the chances that recipients will trust the message.
The phishing site supports multiple popular wallets, including MetaMask, Trust Wallet, and OKX Wallet, allowing attackers to cast a wide net across the crypto ecosystem.
Security experts have urged developers and crypto users to remain cautious when interacting with unsolicited GitHub messages, particularly those promoting token giveaways or airdrops.
Users are advised to avoid connecting wallets to unverified websites, block malicious domains, and review recent wallet permissions for suspicious activity.
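The traits reported for these lure issues (mass tagging, a token reward with a dollar amount, a link to a look-alike site) can be checked automatically when triaging GitHub notifications. The sketch below is an added example, not code from OX Security or the OpenClaw project; the trusted-domain list, the `openclaw.example` placeholder, the mention threshold and the sample notifications are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumptions (not from the article): the trusted-domain list and the threshold.
# The official project domain is not given on the page, so a placeholder is used.
TRUSTED_DOMAINS = {"github.com", "openclaw.example"}
MASS_MENTION_THRESHOLD = 10  # stand-in for "tags dozens of developers"

MENTION_RE = re.compile(r"(?<![\w/])@([A-Za-z0-9][A-Za-z0-9-]{0,38})")
URL_RE = re.compile(r"https?://[^\s)>\]]+")
LURE_RE = re.compile(r"\b(airdrop|allocation|tokens?|giveaway|connect your wallet)\b", re.I)
AMOUNT_RE = re.compile(r"\$\s?\d[\d,]*")


def untrusted_hosts(text):
    """Hosts linked from the text that are not a trusted domain or its subdomain."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
            hosts.add(host)
    return sorted(hosts)


def triage(issue):
    """Return the list of lure signals found in one issue notification."""
    text = issue["title"] + "\n" + issue["body"]
    signals = []
    mentions = {m.lower() for m in MENTION_RE.findall(text)}
    if len(mentions) >= MASS_MENTION_THRESHOLD:
        signals.append(f"mass-mention:{len(mentions)}")
    # A lure word alone is common in real issues ("auth token"), so require an amount too.
    if LURE_RE.search(text) and AMOUNT_RE.search(text):
        signals.append("reward-lure")
    hosts = untrusted_hosts(text)
    if hosts:
        signals.append("untrusted-link:" + ",".join(hosts))
    return signals


def is_suspicious(issue):
    """Flag an issue when at least two independent signals are present."""
    return len(triage(issue)) >= 2


# Constructed sample notifications (not real data from the campaign).
LURE = {"title": "OpenClaw allocation",
        "body": "Appreciate your contributions on GitHub. You receive $5,000 worth of CLAW tokens: "
                "https://claw-rewards.example/claim " + " ".join(f"@dev{i}" for i in range(12))}
BENIGN = {"title": "Auth token refresh fails",
          "body": "cc @alice @bob, see https://github.com/acme/api/pull/7 and user@corp.example"}
```

Requiring two signals keeps ordinary issues that mention an "auth token" or tag a couple of reviewers from being flagged.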
The incident highlights the increasing overlap between open-source development platforms and crypto-related threats, as attackers continue to exploit trusted ecosystems to execute sophisticated phishing campaigns.
