A new crypto phishing scam is targeting developers on GitHub, using fake offers of free tokens to trick users into giving away access to their wallets. The attack copies the branding of OpenClaw to look real and gain trust.
According to a report by OX Security, scammers create fake accounts and post messages in repositories. They tag developers and claim they have been selected to receive $5,000 worth of $CLAW tokens.
The message includes a link to a fake website that looks almost identical to the real OpenClaw page. Once users land there, they are asked to click a “Connect your wallet” button.
But instead of a normal connection, the site runs hidden malicious code. This allows attackers to access the user’s wallet and drain funds without warning.
Researchers say the attack is quite advanced. It uses obfuscated JavaScript and tracks user actions like approvals and declined transactions. The data is then sent back to a server controlled by the scammers.
The campaign appears to target specific users. Attackers may be using GitHub’s activity features, like starred repositories, to find people already interested in OpenClaw-related projects.
So far, there are no confirmed victims. However, experts warn that the setup is dangerous and convincing enough to fool even experienced developers.
Users are being told to avoid unknown links and never connect their crypto wallets to unverified websites. Blocking suspicious domains linked to the scam is also strongly recommended.
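The lure described above (several tagged developers, a dollar-valued token giveaway, and a link to an off-platform site) can be triaged automatically in issue and comment text. The following is an added example, not code from OX Security or the original report; the trusted-host list, keyword list, threshold and sample comments are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts your team treats as legitimate; replace with your own list.
TRUSTED_HOSTS = {"github.com"}

MENTION = re.compile(r"(?<![\w/])@[A-Za-z0-9][A-Za-z0-9-]{0,38}")
URL = re.compile(r"https?://[^\s)>\]]+")
MONEY = re.compile(r"\$\s?\d[\d,]*(?:\.\d+)?")        # e.g. $5,000
TICKER = re.compile(r"(?<![\w$])\$[A-Z]{2,10}\b")      # e.g. $CLAW
LURE = re.compile(
    r"\b(airdrop|selected|eligible|claim|reward|free tokens?|connect (your )?wallet)\b",
    re.I,
)

def untrusted_hosts(text):
    """Return sorted hostnames of links that are not on or under a trusted host."""
    hosts = set()
    for url in URL.findall(text):
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        trusted = any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)
        if host and not trusted:
            hosts.add(host)
    return sorted(hosts)

def score_comment(body):
    """Return (score, reasons, hosts) for one issue or comment body."""
    reasons = []
    hosts = untrusted_hosts(body)
    if len(set(MENTION.findall(body))) >= 3:
        reasons.append("mass-mention")       # many developers tagged at once
    if MONEY.search(body) and TICKER.search(body):
        reasons.append("token-amount")       # dollar value plus token ticker
    if LURE.search(body):
        reasons.append("lure-wording")
    if hosts:
        reasons.append("untrusted-link")
    return len(reasons), reasons, hosts

# Constructed sample comments; the domain uses the reserved .example TLD.
SAMPLES = [
    "@dev-one @dev-two @dev-three You have been selected to receive $5,000 "
    "worth of $CLAW tokens! Claim here: https://claw-rewards.example/claim",
    "@maintainer the build fails on main, see https://github.com/acme/widget/actions",
]

if __name__ == "__main__":
    for body in SAMPLES:
        score, reasons, hosts = score_comment(body)
        verdict = "REVIEW" if score >= 3 else "ok"   # assumed threshold
        print(verdict, score, reasons, hosts)
```

Hosts returned for flagged comments are candidates for the domain blocking recommended above, after a human has confirmed them.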
