A GitHub phishing campaign targeting OpenClaw developers used fake airdrops to steal funds from cryptocurrency wallets.
CoinFeed reported on March 19th that, according to Decrypt, the security platform OX Security disclosed that developers of the AI agent project OpenClaw are becoming targets of cryptocurrency phishing campaigns. Attackers created fake GitHub accounts, opened issues in attacker-controlled repositories, and tagged dozens of developers, claiming they had won a $5,000 CLAW token reward, then redirected them to a clone website almost identical to openclaw.ai. The phishing website had an additional "Connect Wallet" button designed to steal assets from connected wallets. The malicious code was hidden in a deeply obfuscated JavaScript file. It included a "nuke" function that clears browser local storage data to hinder forensic analysis, and it encoded wallet addresses, transaction values, and other information before sending them back to a C2 server.
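The lure described above combines three observable signals: an issue that tags many accounts, a token-reward claim, and a link to a near-copy of openclaw.ai. The following triage sketch is an added example, not code from OX Security or the original report. The function names, the mention threshold, the keyword list and the sample issue are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

LEGIT_HOST = "openclaw.ai"   # the real site named in the report
MENTION_THRESHOLD = 10       # assumed cut-off for "dozens of developers"
MENTION_RE = re.compile(r"(?<![\w/])@([A-Za-z0-9][A-Za-z0-9-]{0,38})")
URL_RE = re.compile(r"https?://[^\s)>\]\"']+")
# Assumed keyword list for reward/airdrop wording.
LURE_RE = re.compile(r"\b(airdrop|token reward|claim your|you (?:have )?won)\b", re.I)


def is_lookalike(host):
    """True if host imitates LEGIT_HOST without being it or one of its subdomains."""
    host = host.lower().rstrip(".")
    if host == LEGIT_HOST or host.endswith("." + LEGIT_HOST):
        return False
    brand = LEGIT_HOST.split(".")[0]
    if brand in re.sub(r"[^a-z0-9]", "", host):   # e.g. open-claw-x.tld
        return True
    return SequenceMatcher(None, host, LEGIT_HOST).ratio() >= 0.8  # typosquats


def triage_issue(body):
    """Return the list of phishing signals found in a GitHub issue body."""
    flags = []
    mentions = {m.lower() for m in MENTION_RE.findall(body)}
    if len(mentions) >= MENTION_THRESHOLD:
        flags.append("mass_mention")
    if LURE_RE.search(body):
        flags.append("reward_lure")
    hosts = {urlsplit(u).hostname or "" for u in URL_RE.findall(body)}
    if any(is_lookalike(h) for h in hosts):
        flags.append("lookalike_domain")
    return flags


# Constructed sample issue body (not taken from the real campaign).
SAMPLE_ISSUE = (
    "Congratulations! You have won a $5,000 CLAW token reward.\n"
    "Claim here: https://open-claw-rewards.example/claim\n"
    + " ".join(f"@dev{i:02d}" for i in range(24))
)

if __name__ == "__main__":
    print(triage_issue(SAMPLE_ISSUE))
```

An issue that raises all three flags is worth reporting to GitHub and blocking at the notification filter. A single flag on its own, such as a legitimate release announcement that mentions many maintainers, needs manual review.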