Verify a decision

{"actor":"system:backfill","investigation_id":"7f57b0c3-0efc-4c23-9c62-d2a0bb98ffd4","kind":"publish","page_slug":"openclaw-github-phishing","published_at":"2026-05-30T04:47:56.177Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"OpenClaw GitHub Phishing Campaign","sections":[{"content":"The OpenClaw GitHub Phishing Campaign encompasses at least two distinct waves of attacks exploiting the reputation of OpenClaw, a popular open-source AI agent framework originally known as Clawdbot and founded by Peter Steinberger. OpenClaw accumulated more than 300,000 GitHub stars following Steinberger's appointment to lead personal AI agent development at OpenAI, making its developer community a high-value target for social-engineering attacks. The campaign is not affiliated with or sanctioned by OpenClaw, its foundation, or Peter Steinberger, who has publicly and repeatedly disavowed any association with tokens or financial incentives tied to the project.","heading":"Campaign Overview","severity":"high","sources":[{"credibility":2,"name":"OpenClaw Developers Targeted in GitHub Phishing Scam — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/03/19/openclaw-developers-targeted-in-github-phishing-scam-offering-fake-token-airdrops"},{"credibility":2,"name":"OpenClaw Developers Lured in GitHub Phishing Campaign — Decrypt","type":"news_article","url":"https://decrypt.co/361646/openclaw-developers-lured-github-phishing-campaign"}]},{"content":"In January 2026, threat actors exploited a brief window during which OpenClaw's founder Peter Steinberger released the project's old GitHub and X (Twitter) handles as part of a forced rebrand — prompted by a trademark claim from Anthropic over the similarity between 'Clawd' and 'Claude.' In the seconds between Steinberger releasing and securing new handles, scammers seized both the GitHub and X accounts. The attackers immediately used the hijacked accounts to promote a fraudulent token called $CLAWD on the Solana blockchain. The token surged to approximately $16 million in market capitalization driven by speculative retail trading, before Steinberger publicly denied involvement. Following his public disavowal — in which he stated 'I will never do a coin. Any project that lists me as coin owner is a SCAM' — the token collapsed more than 90%, wiping out late buyers. Steinberger subsequently stated he came close to deleting the entire OpenClaw project due to harassment from traders who blamed him for not endorsing the token, and he later imposed a blanket ban on all cryptocurrency discussion in the project's Discord server.","heading":"January 2026 Wave: CLAWD Token Account Hijacking","severity":"critical","sources":[{"credibility":2,"name":"Clawdbot Chaos: A Forced Rebrand, Crypto Scam and 24-Hour Meltdown — Decrypt","type":"news_article","url":"https://decrypt.co/356191/clawdbot-chaos-forced-rebrand-crypto-scam-24-hour-meltdown"},{"credibility":2,"name":"Fake 'ClawdBot' AI Token Hits $16M Before 90% Crash — Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/news/fake-clawdbot-ai-token-hits-121840801.html"},{"credibility":2,"name":"Clawdbot Account Hacks Lead to Launch of Scam Token With $16 Million Market Cap — Incrypted","type":"news_article","url":"https://incrypted.com/en/clawdbot-account-hacks-lead-to-launch-of-scam-token-with-16-million-market-cap/"},{"credibility":2,"name":"Meme Coin CLAWD Hits $16M Market Cap Amid Clawdbot Trend — Phemex News","type":"news_article","url":"https://phemex.com/news/article/meme-coin-clawd-reaches-16m-market-cap-amid-clawdbot-hype-55979"}]},{"content":"A second, distinct attack wave was identified by cybersecurity firm OX Security and disclosed publicly on March 18–19, 2026. Threat actors created fresh GitHub accounts — reportedly established approximately one week before deployment — and used them to open issue threads in attacker-controlled repositories, mass-tagging developers who had starred OpenClaw-related repositories. The lure messages claimed recipients had been 'chosen to get OpenClaw allocation' worth approximately $5,000 in CLAW tokens as a reward for their GitHub contributions. The messages directed victims to token-claw[.]xyz, a near-identical clone of the legitimate openclaw.ai website, with one material addition: a 'Connect your wallet' button. The phishing site supported major wallet integrations including MetaMask, WalletConnect, Trust Wallet, OKX Wallet, and Bybit Wallet. Links were frequently routed through a Google LinkShare redirect URL to obscure the malicious destination. The attacker accounts were deleted within hours of the campaign launching, consistent with a hit-and-run operational pattern. At the time of OX Security's publication, no confirmed victims had been reported and the identified attacker wallet had recorded no transactions.","heading":"March 2026 Wave: GitHub Issue Tagging and CLAW Token Airdrop Lure","severity":"high","sources":[{"credibility":2,"name":"OpenClaw Developers Targeted in Crypto-Wallet Phishing Attack — OX Security","type":"research","url":"https://www.ox.security/blog/openclaw-github-phishing-crypto-wallet-attack/"},{"credibility":2,"name":"OpenClaw GitHub Phishing Scam Uses Fake $5,000 Token Airdrops — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/03/19/openclaw-developers-targeted-in-github-phishing-scam-offering-fake-token-airdrops"},{"credibility":2,"name":"OpenClaw Devs Targeted in GitHub Phishing Scam Promising $5K Airdrop — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/03/19/openclaw-devs-targeted-in-github-phishing-scam-promising-5k-airdrop/"},{"credibility":3,"name":"Likely Crypto Airdrop Scam Targeting GitHub Contributors (OpenClaw / $Claw) — Hacker News","type":"community_report","url":"https://news.ycombinator.com/item?id=47425248"}]},{"content":"OX Security's technical analysis of the March 2026 wave identified a sophisticated wallet-draining payload embedded within a heavily obfuscated JavaScript file named eleven.js. Once a victim connected a wallet to the phishing site, the malicious code initiated communication with a command-and-control (C2) server hosted at watery-compost[.]today. The C2 infrastructure collected wallet addresses, transaction values, and usernames in real time, relaying data through named state transitions labeled PromptTx, Approved, and Declined. The code also included a self-destruct routine referred to as a 'nuke' function, which deleted all wallet-theft artifacts from the browser's local storage upon execution, frustrating post-incident forensic analysis. OX Security identified the attacker's Ethereum wallet address as 0x6981E9EA7023a8407E4B08ad97f186A5CBDaFCf5, which showed zero transactions at the time of disclosure. The malware enumerated more than 90 cryptocurrency wallet addresses and over 100 blockchain RPC endpoints for target reconnaissance. The phishing infrastructure suggests preparation for large-scale wallet draining, though the campaign was detected and disrupted before significant funds were stolen.","heading":"Technical Analysis: Wallet Drainer Infrastructure","severity":"high","sources":[{"credibility":2,"name":"OpenClaw Developers Targeted in Crypto-Wallet Phishing Attack — OX Security","type":"research","url":"https://www.ox.security/blog/openclaw-github-phishing-crypto-wallet-attack/"},{"credibility":2,"name":"GitHub Phishers Use Fake OpenClaw Tokens to Drain Crypto Wallets — CSO Online","type":"news_article","url":"https://www.csoonline.com/article/4150456/github-phishers-use-fake-openclaw-tokens-to-drain-crypto-wallets.html"},{"credibility":2,"name":"Fake OpenClaw Token Giveaway Targets GitHub Devs with Wallet-Draining Scam — HackRead","type":"news_article","url":"https://hackread.com/fake-openclaw-token-github-devs-wallet-drainer-scam/"}]},{"content":"The following indicators were identified by OX Security and corroborated by multiple security outlets and community reports in connection with the March 2026 wave of the campaign. Phishing domains: token-claw[.]xyz (primary phishing site cloning openclaw.ai) and watery-compost[.]today (C2 server). Redirect infrastructure: share[.]google/LnvVOHW6pravJMSu7 (Google LinkShare URL used to obscure the malicious destination). Attacker Ethereum wallet: 0x6981E9EA7023a8407E4B08ad97f186A5CBDaFCf5. Malicious payload file: eleven.js (obfuscated JavaScript embedded in the phishing site). OX Security recommends blocking token-claw[.]xyz and watery-compost[.]today across all environments, revoking wallet approvals granted to recently connected unknown sites, and treating any GitHub issue promoting token giveaways or airdrops — especially from newly created accounts — as high-confidence social engineering.","heading":"Indicators of Compromise (IOCs)","severity":"high","sources":[{"credibility":2,"name":"OpenClaw Developers Targeted in Crypto-Wallet Phishing Attack — OX Security","type":"research","url":"https://www.ox.security/blog/openclaw-github-phishing-crypto-wallet-attack/"},{"credibility":2,"name":"GitHub Phishers Use Fake OpenClaw Tokens to Drain Crypto Wallets — CSO Online","type":"news_article","url":"https://www.csoonline.com/article/4150456/github-phishers-use-fake-openclaw-tokens-to-drain-crypto-wallets.html"}]},{"content":"OpenClaw founder Peter Steinberger has publicly and consistently disavowed any cryptocurrency association with the project. Following the January 2026 CLAWD account-hijacking incident, Steinberger wrote publicly: 'I will never do a coin. Any project that lists me as coin owner is a SCAM.' He subsequently imposed a blanket ban on all cryptocurrency discussion — including the words 'bitcoin' and 'crypto' — in OpenClaw's official Discord server, stating the project is 'open source and non-commercial' and would never conduct token distributions. Steinberger also disclosed to Lex Fridman that he considered deleting the entire OpenClaw project due to sustained harassment from retail token buyers. Following the March 2026 phishing disclosure, Steinberger again warned developers publicly that the project has no ties to any token or financial incentives. A GitHub security issue (referenced as issue #49836 in the OpenClaw repository) was formally filed by community members, and GitHub was notified of the malicious accounts.","heading":"OpenClaw Project Response and Founder Statements","severity":"medium","sources":[{"credibility":2,"name":"Mentioning 'Bitcoin' on OpenClaw's Discord Will Get You Banned — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/02/22/mentioning-bitcoin-or-crypto-on-ai-agent-openclaw-s-discord-will-get-you-banned"},{"credibility":2,"name":"OpenClaw Bans All Crypto Talk on Discord After CLAWD Token Chaos — CoinMarketCap","type":"news_article","url":"https://coinmarketcap.com/academy/article/openclaw-bans-all-crypto-talk-on-discord-after-clawd-token-chaos"},{"credibility":2,"name":"OpenClaw Creator Bans Bitcoin, Crypto Chatter After Joining OpenAI — Decrypt","type":"news_article","url":"https://decrypt.co/358856/openclaw-creator-bans-bitcoin-crypto-chatter-openai"},{"credibility":3,"name":"Likely Crypto Airdrop Scam Targeting GitHub Contributors (OpenClaw / $Claw) — Hacker News","type":"community_report","url":"https://news.ycombinator.com/item?id=47425248"}]},{"content":"As of the time of OX Security's March 18, 2026 disclosure and subsequent media reporting through March 19, 2026, no confirmed victims of the wallet-draining phishing infrastructure had been reported, and the identified attacker Ethereum address showed no inbound or outbound transactions. The March 2026 campaign appears to have been detected and publicized quickly enough to disrupt execution before significant financial losses occurred. The January 2026 CLAWD token collapse, by contrast, caused material financial harm to retail investors who purchased the fraudulent Solana token before the collapse of more than 90% from its peak market capitalization of approximately $16 million. No precise figures for total retail losses in the January 2026 wave have been confirmed by a Tier 1 source. One aggregator (ainvest.com) alleged a $30 million drain figure in connection with the March 2026 campaign, but this figure is not corroborated by OX Security, Decrypt, CoinDesk, or CSO Online and should be treated as low-confidence.","heading":"Victim Impact and Confirmed Losses","severity":"medium","sources":[{"credibility":2,"name":"OpenClaw Developers Targeted in Crypto-Wallet Phishing Attack — OX Security","type":"research","url":"https://www.ox.security/blog/openclaw-github-phishing-crypto-wallet-attack/"},{"credibility":2,"name":"Wallet Draining Scam Targets OpenClaw Community With Fake Airdrop — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/wallet-draining-scam-targets-openclaw-community-with-fake-airdrop/"}]},{"content":"The OpenClaw phishing campaign is illustrative of a broader class of attacks targeting developers on GitHub using fake token airdrop lures. The operational pattern — creating fresh GitHub accounts, mass-tagging developers who starred a popular repository, linking to a cloned website with a wallet-connect prompt, and deleting accounts within hours — is consistent with professional phishing-as-a-service toolkits observed across the crypto space. The targeting of OpenClaw specifically reflects threat actors' opportunistic exploitation of high-visibility AI developer tools with large, technically sophisticated user bases who are likely to hold meaningful crypto balances. Security researchers at OX Security noted that attackers may have scraped GitHub's public 'star' data to build their target list. CSO Online and the Hacker News community both observed that the campaign's rapid detection and disruption was aided by the scale of public disclosure and GitHub's responsiveness to abuse reports.","heading":"Attack Pattern Context: GitHub Airdrop Phishing","severity":"medium","sources":[{"credibility":2,"name":"GitHub Phishers Use Fake OpenClaw Tokens to Drain Crypto Wallets — CSO Online","type":"news_article","url":"https://www.csoonline.com/article/4150456/github-phishers-use-fake-openclaw-tokens-to-drain-crypto-wallets.html"},{"credibility":2,"name":"OpenClaw & MoltBot: The First AI Agent Security Nightmare — Astrix Security","type":"research","url":"https://astrix.security/learn/blog/openclaw-moltbot-the-rise-chaos-and-security-nightmare-of-the-first-real-ai-agent/"},{"credibility":3,"name":"How the OpenClaw GitHub Phishing Attack Actually Worked — DEV Community","type":"community_report","url":"https://dev.to/cryip/how-the-openclaw-github-phishing-attack-actually-worked-and-how-to-defend-against-it-4i21"}]}],"sources_used":[{"credibility":2,"name":"OpenClaw Developers Targeted in Crypto-Wallet Phishing Attack — OX Security","type":"research","url":"https://www.ox.security/blog/openclaw-github-phishing-crypto-wallet-attack/"},{"credibility":2,"name":"OpenClaw GitHub Phishing Scam Uses Fake $5,000 Token Airdrops — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/03/19/openclaw-developers-targeted-in-github-phishing-scam-offering-fake-token-airdrops"},{"credibility":2,"name":"OpenClaw Developers Lured in GitHub Phishing Campaign — Decrypt","type":"news_article","url":"https://decrypt.co/361646/openclaw-developers-lured-github-phishing-campaign"},{"credibility":2,"name":"GitHub Phishers Use Fake OpenClaw Tokens to Drain Crypto Wallets — CSO Online","type":"news_article","url":"https://www.csoonline.com/article/4150456/github-phishers-use-fake-openclaw-tokens-to-drain-crypto-wallets.html"},{"credibility":2,"name":"Fake OpenClaw Token Giveaway Targets GitHub Devs with Wallet-Draining Scam — HackRead","type":"news_article","url":"https://hackread.com/fake-openclaw-token-github-devs-wallet-drainer-scam/"},{"credibility":2,"name":"Clawdbot Chaos: A Forced Rebrand, Crypto Scam and 24-Hour Meltdown — Decrypt","type":"news_article","url":"https://decrypt.co/356191/clawdbot-chaos-forced-rebrand-crypto-scam-24-hour-meltdown"},{"credibility":2,"name":"Fake 'ClawdBot' AI Token Hits $16M Before 90% Crash — Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/news/fake-clawdbot-ai-token-hits-121840801.html"},{"credibility":2,"name":"Clawdbot Account Hacks Lead to Launch of Scam Token With $16 Million Market Cap — Incrypted","type":"news_article","url":"https://incrypted.com/en/clawdbot-account-hacks-lead-to-launch-of-scam-token-with-16-million-market-cap/"},{"credibility":2,"name":"Meme Coin CLAWD Hits $16M Market Cap Amid Clawdbot Trend — Phemex News","type":"news_article","url":"https://phemex.com/news/article/meme-coin-clawd-reaches-16m-market-cap-amid-clawdbot-hype-55979"},{"credibility":2,"name":"Mentioning 'Bitcoin' on OpenClaw's Discord Will Get You Banned — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/02/22/mentioning-bitcoin-or-crypto-on-ai-agent-openclaw-s-discord-will-get-you-banned"},{"credibility":2,"name":"OpenClaw Bans All Crypto Talk on Discord After CLAWD Token Chaos — CoinMarketCap","type":"news_article","url":"https://coinmarketcap.com/academy/article/openclaw-bans-all-crypto-talk-on-discord-after-clawd-token-chaos"},{"credibility":2,"name":"OpenClaw Creator Bans Bitcoin, Crypto Chatter After Joining OpenAI — Decrypt","type":"news_article","url":"https://decrypt.co/358856/openclaw-creator-bans-bitcoin-crypto-chatter-openai"},{"credibility":2,"name":"OpenClaw Devs Targeted in GitHub Phishing Scam Promising $5K Airdrop — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/03/19/openclaw-devs-targeted-in-github-phishing-scam-promising-5k-airdrop/"},{"credibility":2,"name":"Wallet Draining Scam Targets OpenClaw Community With Fake Airdrop — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/wallet-draining-scam-targets-openclaw-community-with-fake-airdrop/"},{"credibility":3,"name":"Likely Crypto Airdrop Scam Targeting GitHub Contributors (OpenClaw / $Claw) — Hacker News","type":"community_report","url":"https://news.ycombinator.com/item?id=47425248"},{"credibility":2,"name":"OpenClaw & MoltBot: The First AI Agent Security Nightmare — Astrix Security","type":"research","url":"https://astrix.security/learn/blog/openclaw-moltbot-the-rise-chaos-and-security-nightmare-of-the-first-real-ai-agent/"},{"credibility":3,"name":"OpenClaw Bans All Crypto Mentions After Scammers Hijacked Accounts — Jalookout","type":"news_article","url":"https://jalookout.com/2026/02/22/openclaw-crypto-ban-fake-token-scam-discord-bitcoin/"}],"summary":"The OpenClaw GitHub Phishing Campaign is a series of coordinated social-engineering attacks, active since at least January 2026, that exploit the brand identity of OpenClaw — a legitimate open-source AI agent framework with over 300,000 GitHub stars — to lure crypto developers into connecting cryptocurrency wallets to a malicious cloned website. The March 2026 wave used fake GitHub accounts to mass-tag developers with promises of a $5,000 CLAW token airdrop, directing them to a wallet-draining site at token-claw[.]xyz backed by obfuscated JavaScript and a command-and-control server. An earlier January 2026 wave involved the hijacking of official OpenClaw social accounts and a fraudulent CLAWD token on Solana that briefly reached a $16 million market cap before collapsing more than 90%.","timeline":[{"date":"2026-01-01","event":"Anthropic issues a trademark claim against Clawdbot (the original name of OpenClaw) over similarity with the 'Claude' brand, prompting founder Peter Steinberger to announce a rebrand.","source":"Decrypt","source_url":"https://decrypt.co/356191/clawdbot-chaos-forced-rebrand-crypto-scam-24-hour-meltdown"},{"date":"2026-01-01","event":"During the brief window in which Steinberger released old GitHub and X handles, threat actors seized both accounts and began promoting the fraudulent $CLAWD token on Solana. The token surged to approximately $16 million in market capitalization before collapsing more than 90% after Steinberger publicly disavowed it.","source":"Decrypt / Yahoo Finance","source_url":"https://finance.yahoo.com/news/fake-clawdbot-ai-token-hits-121840801.html"},{"date":"2026-02-22","event":"Following sustained crypto-related harassment, Peter Steinberger imposes a blanket ban on all cryptocurrency discussion in the OpenClaw Discord server, including the words 'bitcoin' and 'crypto'. CoinDesk reports on the policy.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2026/02/22/mentioning-bitcoin-or-crypto-on-ai-agent-openclaw-s-discord-will-get-you-banned"},{"date":"2026-03-11","event":"Threat actors create fresh GitHub accounts (approximately one week before the March 18 campaign launch) in preparation for the second phishing wave.","source":"OX Security","source_url":"https://www.ox.security/blog/openclaw-github-phishing-crypto-wallet-attack/"},{"date":"2026-03-18","event":"OX Security identifies and publicly discloses an active phishing campaign targeting OpenClaw developers via GitHub issue threads, promising $5,000 CLAW token airdrops. Malicious domains token-claw[.]xyz and watery-compost[.]today are identified as key infrastructure. Attacker GitHub accounts are deleted within hours of the campaign beginning.","source":"OX Security","source_url":"https://www.ox.security/blog/openclaw-github-phishing-crypto-wallet-attack/"},{"date":"2026-03-19","event":"CoinDesk, Decrypt, CSO Online, CryptoTimes, HackRead, and multiple other outlets report on the OX Security disclosure. Peter Steinberger publicly reiterates that OpenClaw has no association with any token. Community members file GitHub security issue #49836 in the OpenClaw repository.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2026/03/19/openclaw-developers-targeted-in-github-phishing-scam-offering-fake-token-airdrops"}]},"v":1}