Cybersecurity researchers and the creator of the popular open-source AI project OpenClaw have issued warnings about a phishing campaign targeting developers on GitHub. Attackers are using fake accounts to lure users with promises of a fraudulent “CLAW” cryptocurrency token worth $5,000, directing them to a cloned website to steal crypto wallet credentials. The project’s founder has repeatedly stated that OpenClaw is non-commercial and will never launch a token, and no victims have been confirmed so far.
Developers behind the prominent OpenClaw AI project are facing targeted phishing attacks on the GitHub platform. OX Security reported the scheme involves fake accounts posting messages about non-existent $5,000 cryptocurrency rewards.
The attackers specifically tagged developers in repositories to increase visibility for their fraudulent posts. These messages directed recipients to a cloned website mimicking the official OpenClaw page to connect their crypto wallets.
OpenClaw creator Peter Steinberger separately warned users about the scam on social media. “We would never do that. The project is open source and non-commercial,” Steinberger stated.
He had previously emphasized in January that the project would never involve a cryptocurrency. “I will never do a coin. Any project that lists me as coin owner is a scam,” he posted.
The campaign attempts to exploit the popularity of OpenClaw, an autonomous AI agent launched in late 2025. The project amassed over 465,000 subscribers on social media within months, drawing significant developer engagement.
According to social media reports, many developers immediately recognized the campaign as fraudulent. In a prior move against scams, the project’s official Discord channel banned all discussions about Bitcoin and cryptocurrency in February.
