OpenClaw’s developer community was hit by a coordinated phishing campaign in mid-March 2026, prompting the project’s creator to issue a public warning on March 19. The attackers posed as OpenClaw across GitHub and cloned websites, using fake token-reward messages to lure developers into connecting wallets and exposing their assets.
The campaign relied on a familiar but effective trick: convincing contributors that they had received a $CLAW token grant that did not exist. According to cybersecurity researchers and statements from Peter Steinberger, the operation used GitHub notifications and copycat versions of openclaw.ai to make the scam appear legitimate.
How the phishing campaign worked
Attackers created fake GitHub accounts and repositories, then used issues and discussion threads to tag contributors and stargazers directly. Those messages told targets they had won token rewards, often described as $5,000 or “5001” CLAW tokens, and pushed them toward fraudulent domains such as token-claw[.]xyz.
The cloned sites were designed to look convincing enough to trigger a rushed wallet connection. Once victims landed on the fake pages, they were met with a prominent “Connect Wallet” prompt that turned a developer-facing notification into a wallet-drain setup.
Researchers said the malicious pages ran obfuscated JavaScript that harvested wallet addresses, balances and transaction history after a connection was made. One analysis pointed to hidden code in files such as eleven.js, and also described a so-called “nuke” function that wiped browser local storage to make forensic review harder.
At least one suspected wallet address was identified as a destination for stolen funds, although no victims had been publicly confirmed when researchers published their findings. Even without confirmed losses, the technical structure of the campaign made clear that the goal was direct asset theft rather than spam or impersonation alone.
OpenClaw and security researchers moved quickly
Peter Steinberger responded publicly on March 19 by warning that any crypto outreach or token offering claiming to be connected to OpenClaw was fraudulent. That statement was reinforced by OX Security, which published a detailed report on March 18 and urged developers to treat unsolicited GitHub tags and reward messages as hostile by default.
The incident did not emerge in isolation, but as part of a broader pattern of abuse surrounding OpenClaw after its rapid rise earlier in 2026. That pattern has already included fake npm packages, exposed instances, supply-chain tampering attempts and unauthorized memecoins launched under the project’s name.
The broader lesson is that developer ecosystems have become a high-value attack surface for wallet phishing and social engineering. For teams and contributors, the immediate priority is simple: verify every URL, distrust unsolicited token messages, revoke wallet approvals after any suspicious interaction, and treat public developer platforms as part of the threat model rather than as neutral infrastructure.
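As an added example, not code from the article or from the OpenClaw project, the triage script below applies that advice to GitHub notification text: it restores defanged links, treats only the project's own site and GitHub as official, flags any other domain that borrows the project name (the token-claw[.]xyz pattern described above), and scores the reward-lure phrases the campaign used. The allowlist, the lure patterns and the sample notifications are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist: the project's real site named in the article, plus GitHub itself.
OFFICIAL_DOMAINS = {"openclaw.ai", "github.com"}
# Lure phrases taken from the campaign described above; matched case-insensitively.
LURE_PATTERNS = {
    "claw_token": r"\$claw\b|\bclaw tokens?\b",
    "reward_word": r"\b(reward|airdrop|grant)\b",
    "amount": r"\b5[,.]?001\b|\$5,?000\b",
    "claim": r"\bclaim\b",
    "wallet": r"connect (your )?wallet",
}
URL_RE = re.compile(r"https?://[^\s)>\]]+", re.I)

def refang(text):
    # Reports defang indicators as token-claw[.]xyz; restore them so the domain check works.
    return text.replace("[.]", ".").replace("hxxp", "http")

def domain_of(url):
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def is_official(host):
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(message):
    # Classify one notification as 'phishing', 'review' or 'ok' and return the evidence.
    text = refang(message)
    lures = [n for n, p in LURE_PATTERNS.items() if re.search(p, text, re.I)]
    suspicious = [u for u in URL_RE.findall(text) if not is_official(domain_of(u))]
    # A non-official domain that borrows the project name is the strongest single signal.
    lookalike = [u for u in suspicious if "claw" in domain_of(u)]
    verdict = "phishing" if lookalike or (lures and suspicious) else "review" if lures or suspicious else "ok"
    return {"verdict": verdict, "lures": lures,
            "suspicious_urls": suspicious, "lookalike_urls": lookalike}

# Constructed sample notifications, modelled on the article's description.
SAMPLES = [
    "@contributor Congratulations! You were selected for 5001 CLAW tokens. "
    "Claim your $CLAW reward at https://token-claw[.]xyz/claim",
    "Thanks for the PR, the contributor guide is at https://openclaw.ai/docs",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s))
```

A "review" verdict (lure words without a suspicious link, or an unknown link without lure words) is meant for a human look rather than an automatic block.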