Key Points
- Cybercriminals deploy fraudulent $CLAW token giveaways targeting OpenClaw contributors.
- Malicious JavaScript code designed to compromise cryptocurrency wallets and delete evidence.
- Attack vectors include fraudulent GitHub issues, fake repositories, and personalized developer mentions.
- OpenClaw implements Discord cryptocurrency discussion ban to combat fraud.
- Recommended actions: blacklist token-claw[.]xyz, immediately revoke all wallet permissions.
The rising prominence of OpenClaw has sparked a sophisticated phishing operation targeting its developer community through GitHub. Cybercriminals establish counterfeit accounts, generate fraudulent issues, and directly mention developers to draw them into the trap. This campaign’s primary objective is deceiving victims into authorizing wallet connections on compromised websites to siphon cryptocurrency assets.
The fraudulent scheme falsely notifies developers they’ve received $5,000 in $CLAW tokens and redirects them to counterfeit websites mimicking OpenClaw’s authentic platform. Threat actors leverage perceived authenticity to enhance the deception’s effectiveness and precision. Security analysts caution that any engagement with these fraudulent platforms risks complete wallet compromise.
Following increased public recognition, OpenClaw’s open-source infrastructure now functions under foundation governance. This framework enables autonomous AI agents to execute operations, interface with communication platforms, and handle scheduling independently. The project’s prominent transition has simultaneously attracted legitimate interest and malicious exploitation.
Attack Methodology Leverages OpenClaw’s GitHub Infrastructure
Threat actors identify OpenClaw participants through GitHub capabilities including starred projects and discussion threads. They establish repositories under compromised accounts to simultaneously target numerous developers. These tactics create an illusion of personalization and trustworthiness for potential victims.
Malicious JavaScript files, including “eleven.js,” contain wallet-draining code engineered for stealth operation. The malware incorporates a “nuke” capability that eliminates local browser storage to evade discovery. It additionally monitors user behaviors such as PromptTx, Approved, and Declined, transmitting intelligence to remote command infrastructure.
Security researchers identified at least one cryptocurrency address associated with this operation, though no successful thefts have been verified. The perpetrators rapidly delete their accounts following initial contact, minimizing forensic trails and hindering investigative efforts. OpenClaw’s developer ecosystem represents a valuable target given its expanding community.
OpenClaw Implements Strict Cryptocurrency Discussion Restrictions
Peter Steinberger, OpenClaw’s founder, has prohibited all cryptocurrency-related promotions throughout its Discord channels to mitigate scam exposure. Developers who attempt token-related discussions face immediate removal or access limitations to preserve community security. This stringent policy seeks to minimize fraudulent operations exploiting OpenClaw’s infrastructure.
The campaign emerged shortly after OpenAI revealed Steinberger would oversee OpenClaw’s personal AI agent program. OpenClaw’s public profile expanded dramatically, establishing it as an attractive target for phishing operations capitalizing on the project’s reputation. Security experts stress that developers must reject all unverified token distribution claims associated with OpenClaw.
Cybersecurity services advise blocking domains including token-claw[.]xyz and watery-compost[.]today to prevent wallet exploitation. Individuals who recently authorized wallet connections should immediately revoke all permissions to protect their holdings. While OpenClaw maintains its growth trajectory, it now confronts challenges from adversaries exploiting its success.
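A defender-side check for the domain-blocking advice above, as an added example that is not part of the original report: it refangs the two indicator domains quoted in the article and scans DNS query log lines for those domains or any of their subdomains. The log line format and the sample lines are constructed assumptions, not real sensor output.

```python
"""Flag DNS query log lines that hit the phishing domains named in the article.
Added example, not part of the original report; the log format below is a
constructed sample, not a real sensor's output."""
import re

# Indicators quoted in the article, kept in defanged form.
DEFANGED_IOCS = ["token-claw[.]xyz", "watery-compost[.]today"]

def refang(domain: str) -> str:
    """Turn a defanged indicator ('a[.]b') into a matchable hostname."""
    return domain.replace("[.]", ".").replace("(.)", ".").strip().lower()

def normalize_host(host: str) -> str:
    """Lower-case and drop the trailing dot that DNS logs often append."""
    return host.strip().lower().rstrip(".")

def host_matches(host: str, ioc: str) -> bool:
    """True for the indicator itself or any subdomain of it (never a
    look-alike such as 'nottoken-claw.xyz', because of the leading dot)."""
    h = normalize_host(host)
    return h == ioc or h.endswith("." + ioc)

# Assumed log format: "<timestamp> <client_ip> query <qname> <qtype>"
LOG_LINE = re.compile(r"^(\S+) (\S+) query (\S+) (\S+)$")

def find_ioc_hits(log_lines, defanged_iocs=DEFANGED_IOCS):
    """Return (client_ip, qname, matched_ioc) tuples for suspicious queries."""
    iocs = [refang(d) for d in defanged_iocs]
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash on them
        _, client, qname, _ = m.groups()
        for ioc in iocs:
            if host_matches(qname, ioc):
                hits.append((client, normalize_host(qname), ioc))
                break
    return hits

# Constructed sample log lines (timestamps and client IPs are placeholders).
SAMPLE_LOG = [
    "2000-01-01T10:00:00Z 10.0.0.5 query github.com. A",
    "2000-01-01T10:00:01Z 10.0.0.5 query TOKEN-CLAW.xyz. A",
    "2000-01-01T10:00:02Z 10.0.0.7 query cdn.watery-compost.today. A",
    "2000-01-01T10:00:03Z 10.0.0.9 query nottoken-claw.xyz. A",
    "malformed line",
]

if __name__ == "__main__":
    for client, qname, ioc in find_ioc_hits(SAMPLE_LOG):
        print(f"ALERT {client} queried {qname} (matches {ioc})")
```

Any client that appears in the output is a candidate for the wallet-permission revocation step the article recommends.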
