Scammers Hit OpenClaw Contributors With GitHub-Powered Wallet-Draining Trap

19-Mar-2026 Crypto Economy

TL;DR

  • Scammers targeted OpenClaw contributors through fake GitHub issue threads, using a $5,000 $CLAW airdrop to lure users toward a wallet-draining site.
  • The phishing page mimicked the official domain and used an obfuscated JavaScript file called “eleven.js,” showing the attack relied on social engineering, not a smart contract exploit.
  • The report urged developers to verify URLs, confirm repository ownership, ignore unexpected tags, and use burner wallets for claims or unfamiliar dApps.

Scammers have found an effective way to hunt crypto holders inside a trusted developer workflow. The trap starts with credibility, not code exploits. In the reported campaign, contributors connected to the viral AI project OpenClaw were targeted through fake GitHub accounts and issue threads that tagged real developers directly. The bait was a flattering promise of a $5,000 $CLAW token allocation, framed as a reward for GitHub contributions. Targets were then pushed to a site mimicking the official OpenClaw domain, where a wallet connection prompt served as the gateway to the wallet drainer.

Why the OpenClaw Hook Worked So Well

What makes the operation more unsettling is how ordinary the setup appears at first glance. A cloned site and hidden script do the heavy lifting. The report says the phishing page directed users to connect their wallets to claim the supposed allocation, while a heavily obfuscated JavaScript file called “eleven.js” handled the malicious logic underneath. Researchers said there was no smart contract exploit involved, only social engineering wrapped in Web3 behavior. That distinction matters, because it shows the attack relied less on breaking software and more on manipulating user trust at precisely the right moment.

Timing appears central to why this lure could resonate so quickly. OpenClaw’s rising profile gave the scam immediate plausibility. The project had become one of the hottest names in tech, moving beyond a developer tool into a mainstream AI narrative. That visibility intensified further after Sam Altman selected creator Peter Steinberger to help drive OpenAI’s work on AI agents. According to the report, attackers likely understood that OpenClaw contributors were attentive, comfortable with Web3 wallets, and easier to approach with a reward-based message that felt tailored, timely, and unusually credible.

The report also outlined a practical lesson that extends well beyond one project. Operational security, not curiosity, is now the first line of defense. Developers were urged to avoid clicking links in unfamiliar GitHub issue threads, manually type official domains, verify repository ownership, and treat unexpected tags as spam by default. It recommended using a burner wallet instead of a primary holding wallet for claims or dApp interactions. The broader warning is difficult to ignore: as AI hype and crypto tooling converge, polished scams may keep exploiting legitimate platforms to turn attention into wallet access.
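
The checks the report recommends can be partly automated by maintainers. The following Python is an added example, not code from the report or from the OpenClaw project: it triages an issue comment for a look-alike link, a reward lure pointing off the trusted domains, and mass tagging. The host names, brand label, keyword list, thresholds and sample comment are all constructed placeholders, since the article does not list the real domains.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumptions: placeholder names; the article does not list the real domains.
TRUSTED_HOSTS = {"widgetproject.example", "github.com"}
BRAND_LABEL = "widgetproject"
MASS_MENTION_THRESHOLD = 3  # assumed cut-off for "unexpected tags"

URL_RE = re.compile(r"https?://[^\s)>\]]+", re.I)
MENTION_RE = re.compile(r"(?<![\w/])@[A-Za-z0-9-]+")
LURE_RE = re.compile(r"\b(airdrop|allocation|claim|reward|connect (your )?wallet)\b", re.I)

def host_verdict(host):
    """Return 'official', 'lookalike' or 'unknown' for a link's hostname."""
    host = host.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS):
        return "official"
    for label in host.split("."):
        # Brand name embedded in, or nearly equal to, a label of an untrusted host.
        if BRAND_LABEL in label or SequenceMatcher(None, label, BRAND_LABEL).ratio() >= 0.8:
            return "lookalike"
    return "unknown"

def link_hosts(body):
    """Distinct hostnames linked from a comment body (malformed URLs skipped)."""
    hosts = set()
    for url in URL_RE.findall(body):
        try:
            hosts.add(urlsplit(url).hostname)
        except ValueError:
            pass
    return hosts - {None}

def triage_comment(body):
    """List the reasons a comment matches the lure pattern; empty means none."""
    verdicts = [host_verdict(h) for h in link_hosts(body)]
    reasons = []
    if "lookalike" in verdicts:
        reasons.append("lookalike-domain")
    if LURE_RE.search(body) and any(v != "official" for v in verdicts):
        reasons.append("reward-lure-with-untrusted-link")
    if len(set(MENTION_RE.findall(body))) >= MASS_MENTION_THRESHOLD:
        reasons.append("mass-mention")
    return reasons

# Constructed sample comment, not taken from the campaign.
SAMPLE = ("Congrats @alice-dev @bob-dev @carol-dev! Your contributions earned a token "
          "allocation. Claim at https://widgetpr0ject.example/claim and connect your wallet.")
```

A non-empty result is a reason to hide the comment and review the posting account by hand; the label comparison will not catch homoglyph (punycode) domains or links hidden behind URL shorteners.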
