Scammers are targeting contributors to the viral AI project OpenClaw with a sophisticated phishing campaign aimed at draining crypto wallets.<\/p>\n
By exploiting GitHub\u2019s trusted notification system, attackers lure developers with a fake $5,000 token airdrop that leads directly to a wallet-draining script.<\/p>\n
Fake $5K airdrop targets OpenClaw devs<\/p>\n
Scammers used fake GitHub tags to lure users to a cloned site with a hidden wallet connect.<\/p>\n
Accounts vanished within hours. No confirmed victims yet. <\/p>\n
Stay alert pic.twitter.com\/ZYpmckDJ1j<\/a><\/p>\n \u2014 Bitinning (@bitinning) March 19, 2026<\/a><\/p>\n\n There are no smart contract exploits involved here. Just social engineering, leveraging the hype around AI agents, and unsuspecting users falling for the trap.<\/p>\n It comes as the broader crypto market suffered a slump overnight, with the total market cap falling 4% to $2.5 trillion, with 24-hour trading volume sitting at just over $125Bn.<\/p>\n\n (SOURCE: CoinGecko<\/a>)<\/p>\n According to a report by OX Security<\/a>, threat actors create fraudulent GitHub accounts and open issue threads in repositories they control. They then tag dozens of authentic OpenClaw developers in these threads.<\/p>\n The message is flattering. It claims, \u201cAppreciate your contributions on GitHub. We analyzed profiles and chose developers to get OpenClaw allocation.\u201d The scammers promise $5,000 worth of $CLAW tokens and direct targets to a website that eerily mimics the official openclaw.ai domain.<\/p>\n Once on the site, users are prompted to \u201cConnect your wallet\u201d to claim the funds. This is the trap. The site executes a connection prompt designed to drain assets, powered by a heavily obfuscated JavaScript file hidden in the site\u2019s code named \u201celeven.js.\u201d<\/p>\n OX Security researcher Moshe Siman Tov Bustan noted that the campaign closely resembles previous attacks targeting the Solana ecosystem on GitHub.<\/p>\n DISCOVER:\u00a0The Next 1000x Crypto Gem Before It Lists on Exchanges<\/a><\/strong><\/p>\n Peter Steinberger is joining OpenAI to drive the next generation of personal agents. He is a genius with a lot of amazing ideas about the future of very smart agents interacting with each other to do very useful things for people. We expect this will quickly become core to our\u2026<\/p>\n \u2014 Sam Altman (@sama) February 15, 2026<\/a><\/p>\n\n OpenClaw is currently one of the hottest tech properties. The project has moved from a developer tool to a mainstream AI asset, especially after OpenAI CEO Sam Altman tapped creator Peter Steinberger to lead the company\u2019s push into personal AI agents.<\/p>\n That legitimacy makes it dangerous. Scammers know that developers are currently paying close attention to the project. They also know that developers are likely to hold cryptocurrency and are comfortable using Web3 wallets.<\/p>\n This incident highlights a growing trend where legitimate tools are used as vectors for theft. It echoes Vitalik Buterin\u2019s concerns about\u00a0the intersection of AI and wallet security<\/a>. As AI tools become central to the crypto workflow, the line between helpful automation and malicious extraction blurs.<\/p>\n The attackers even appear to be using GitHub\u2019s \u201cstar\u201d feature to build their target lists, ensuring they go after users who have actively engaged with OpenClaw repositories.<\/p>\n If you are a developer or active GitHub user, you need to lock down your workflow immediately. The sophistication of these clones means visual inspection is often not enough.<\/p>\n Verify the URL:<\/strong> Never click links inside GitHub issue threads from repositories you do not recognize. Always type the official domain manually. DISCOVER:\u00a0Top Crypto Presales to Watch Now<\/a><\/strong><\/p>\n Follow 99Bitcoins on X (Twitter)<\/a> For the Latest Market Updates and Subscribe on YouTube<\/a> For Daily Expert Market Analysis.<\/strong><\/p>\n The post OpenClaw Developers Hit by GitHub Phishing Attack: How to Protect Your Wallet<\/a> appeared first on 99Bitcoins<\/a>.<\/p>","protected":false},"excerpt":{"rendered":" Scammers are targeting contributors to the viral AI project OpenClaw with a sophisticated phishing campaign aimed at draining crypto wallets. By exploiting GitHub\u2019s trusted notification system, attackers lure developers with a fake $5,000 token airdrop that leads directly to a wallet-draining script. Fake $5K airdrop targets OpenClaw devs Scammers used fake GitHub tags to lure […]<\/p>\n","protected":false},"author":0,"featured_media":143321,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-143320","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-discovery"],"_links":{"self":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/143320"}],"collection":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=143320"}],"version-history":[{"count":0,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/143320\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/media\/143321"}],"wp:attachment":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=143320"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=143320"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=143320"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}The Lure: Fake Contributions and Hidden Scripts<\/h2>\n
Why OpenClaw and Why Now?<\/h2>\n
Visualizing the Threat: Immediate Protective Steps<\/h2>\n
\nCheck the Repo Owner:<\/strong> Official airdrops will come from the project\u2019s main repository, not a random user\u2019s fork. If the repository has few stars or was created recently, it is a trap.
\nUse a Burner Wallet:<\/strong> Never connect your main holding wallet (cold storage) to any dApp or claim site. If you are interacting with a simplified protocol or an airdrop, use a hot wallet with minimal funds.
\nIgnore Unexpected Tags:<\/strong> If you are tagged in a thread by a user you don\u2019t know, treat it as spam instantly. Real projects announce allocations on their official X (Twitter) or Discord channels, not via mass-tagging in random issues.<\/p>\n