Developers working with the fast-rising AI agent project OpenClaw are being targeted in a coordinated GitHub phishing campaign designed to steal crypto wallets, highlighting growing security risks around AI-driven developer ecosystems.
According to cybersecurity researchers, attackers created fake GitHub accounts and repositories to target OpenClaw developers directly. These accounts would:
Tag developers in issue threads
Promote fake opportunities or rewards
Redirect users to malicious websites
In many cases, victims were told they had won up to $5,000 worth of “$CLAW” tokens, a tactic designed to create urgency and entice clicks.
Once users clicked the links, they were sent to a cloned version of the official OpenClaw website, nearly identical in appearance.
The key difference:
A “Connect Wallet” button that triggered malicious scripts
Behind the scenes, attackers deployed obfuscated JavaScript and command-and-control infrastructure to extract wallet credentials and drain funds.
The campaign specifically targeted OpenClaw due to its explosive growth and popularity among developers, making it an attractive attack surface.
OpenClaw, an open-source AI agent platform, has gained significant traction in 2026 as developers use it to automate tasks, build tools, and integrate AI into workflows.
This rapid adoption has created a familiar pattern in crypto and AI:
New technology → rapid hype → attacker exploitation
This phishing campaign is part of a larger wave of attacks targeting:
AI developer tools
Open-source ecosystems
Crypto wallet integrations
Security researchers warn that attackers are increasingly exploiting trusted platforms like GitHub to distribute scams, knowing developers are more likely to trust code hosted there.
Additionally, combining AI tools with crypto wallets creates a high-value target, since compromised systems can expose:
Private keys
API credentials
Sensitive development data
Stablecoin giant Tether has dramatically escalated its enforcement activity after blacklisting 370 blockchain addresses and freezing approximately $514.64 million worth…
Crypto exchange giant Coinbase experienced a major service outage that disrupted trading, transfers, and exchange operations after…
Cross-chain messaging protocol LayerZero has publicly apologized for its handling of the massive Kelp DAO exploitthat drained approximately $292…
Executives from PayPal and Google Cloud said the future of “agentic commerce” — where AI agents autonomously buy goods,…
Crypto exchange giant Kraken is making a major move deeper into the U.S. financial system after its…
A major national security scandal has erupted in Taiwan after prosecutors indicted a Taiwanese news…