The developers behind OpenClaw, a prominent open-source AI project, are facing a new threat as phishing attackers are using GitHub to lure users with promises of non-existent cryptocurrency rewards. Cybersecurity firm OX Security reported the scam on Wednesday, noting that no victims have been identified so far. However, the creator of OpenClaw, Peter Steinberger, has taken to X (formerly Twitter) to warn the community about the fraudulent activities.
“We would never do that. The project is open source and non-commercial,” Steinberger said, urging users to only visit the official site and to ignore any emails claiming an association with the project. The phishing campaign involves attackers creating fake GitHub accounts that post messages in attacker-controlled repositories, tagging developers to increase visibility. The messages claim that recipients have won $5,000 worth of a non-existent cryptocurrency called ‘CLAW,’ in an attempt to trick them into visiting a cloned website.
The Phishing Tactic: A Closer Look
The cloned website resembles OpenClaw’s official page and prompts users to connect their crypto wallets. This is a common phishing tactic used to steal credentials or secure malicious approvals. According to OX Security, the attackers are leveraging the popularity of OpenClaw, which has gained significant traction since its launch in November 2025. The project offers a free, open-source autonomous AI agent that runs locally on computers to manage files, software, and browser tasks via chat platforms like WhatsApp or Telegram.
Community Response and Preventive Measures
OpenClaw has amassed more than 465,000 subscribers on X in the months following its launch, indicating a strong and engaged community. However, the community is also aware of the ongoing threats. Social media reports show that many developers quickly labeled the campaign as a scam. In a move to combat such scams, the OpenClaw project confirmed a ban on Bitcoin (BTC) and crypto discussions in its official Discord channel in February.
“I will never do a coin. Any project that lists me as coin owner is a scam,” Steinberger reiterated in an X post in January. The project’s commitment to remaining non-commercial and open-source is a clear stance against the rising trend of cryptocurrency scams targeting popular projects.
Broader Implications and Future Outlook
The phishing campaign targeting OpenClaw is part of a broader trend where attackers exploit the trust and interest surrounding popular tech projects. As more developers and users engage with open-source AI and blockchain projects, the risk of such scams increases. The cybersecurity community is closely monitoring these activities and advising users to stay vigilant and verify the authenticity of communications and websites.
For OpenClaw, the focus remains on continuing its mission to provide a powerful, free, and accessible AI tool while maintaining a secure and trusted environment for its users. As the project grows, so too must its efforts to educate and protect its community from potential threats.
About the Author
