While the creator of the AI agent platform OpenClaw banned the mention of bitcoin (BTC) and other crypto assets on its Discord channel, crypto scammers are now targeting developers on GitHub, aiming to steal their wallets.
Cybersecurity firm OX Security warned of a phishing campaign targeting developers to trick them into connecting their crypto wallets to a fake website, which subsequently drains their funds. However, it’s not clear whether anyone has fallen victim to this scam. At the time of writing, the crypto address associated with the criminal still shows a zero balance.
The security experts found that the criminal deleted their account on GitHub after the campaign began. To trick users, the threat actor opened issue threads in repositories and tagged dozens of GitHub developers, claiming that they had won $5,000 worth of CLAW tokens. However, to claim the "prize," they need to visit a site and connect their crypto wallet.
"The linked site is an almost identical clone of openclaw.ai, with one key difference: it adds a 'connect your wallet' button designed to initiate wallet theft," OX said, recommending blocking token-claw[.]xyz, not connecting wallets to untrusted websites, and treating GitHub issues promoting token giveaways or airdrops as suspicious.
The researchers suspect the criminal is using GitHub’s star feature to identify developers who starred OpenClaw-related repositories.
Meanwhile, the phishing website supports many wallets, including MetaMask, Trust Wallet, OKX Wallet, Bybit Wallet, and the WalletConnect protocol, which allows the connection of wallets to various applications.
"The malicious phishing and wallet-stealing code is highly obfuscated and resides inside the 'eleven.js' JavaScript file," the researchers said, adding that the malware has a "nuke" function which deletes all wallet-stealing information from the browser’s local storage.
The agentic economy is emerging as a new cybercrime area, where not only humans but also AI agents are being targeted, as they are increasingly given access to their owners' funds.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked