A new crypto scam is targeting developers on GitHub, using fake offers and cloned websites to steal funds. Attackers are pretending to be linked with the OpenClaw project and are trying to trick users into connecting their wallets.
The scam starts with fake GitHub accounts. These accounts tag developers in issue threads and claim they have been selected to receive $5,000 worth of $CLAW tokens. The message looks real and is designed to grab attention quickly.
Once users click the link, they are taken to a website that looks almost identical to the official OpenClaw page. There, they see a “Connect your wallet” button. But instead of a normal connection, this step triggers a hidden script that drains the wallet.
Security researchers from OX Security say the attack uses advanced tricks. The code is obfuscated, making it hard to detect. The script also tracks user actions like approvals and declined transactions, sending the data back to hackers.
The attackers even added a “nuke” function. This feature wipes traces from the browser after the attack, making it harder for victims to notice what happened or recover information.
The campaign appears to be targeted. Hackers may be using GitHub activity, like starring repositories, to find users who are more likely to trust the message. This makes the scam feel more personal and believable.
So far, there are no confirmed victims, but at least one wallet linked to the attackers has been found. Experts warn that the threat is real and growing as OpenClaw gains attention in the tech space.
Users are being told to avoid unknown websites and never connect their wallets to unverified platforms. Blocking suspicious domains and staying cautious with unexpected offers can help prevent losses in scams like this.
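For maintainers who want to catch the lure described above before anyone clicks it, the following is an added example (not code from OX Security or the OpenClaw project) that flags issue comments combining a user mention, a token giveaway claim, and a link to a host outside the project's verified domains. The allowlisted domain, the thresholds, and the sample comments are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Assumption: placeholder allowlist; replace with the project's verified domains.
OFFICIAL_DOMAINS = {"openclaw.example"}

LURE_PATTERNS = [
    re.compile(r"\$\s?\d[\d,]*(\.\d+)?\s*(worth|in)\b", re.I),  # promised dollar amount
    re.compile(r"\$[A-Z]{2,10}\b"),                              # token ticker such as $CLAW
    re.compile(r"\b(selected|eligible|chosen|airdrop|claim)\b", re.I),
    re.compile(r"\bconnect\s+(your\s+)?wallet\b", re.I),
]
URL_RE = re.compile(r"https?://[^\s)>\]]+", re.I)
MENTION_RE = re.compile(r"(?<![\w/])@[A-Za-z0-9-]{1,39}\b")

def untrusted_hosts(text):
    """Return hosts linked in the text that are not an official domain or subdomain."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = (urlparse(url.rstrip(".,;")).hostname or "").lower()
        # Exact or dot-delimited suffix match only, so lookalike hosts that
        # merely contain the official name are still treated as untrusted.
        if host and not any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
            hosts.add(host)
    return hosts

def score_comment(text):
    """Flag a comment that mentions users, carries giveaway wording and links off-site."""
    hosts = untrusted_hosts(text)
    lure_hits = sum(1 for p in LURE_PATTERNS if p.search(text))
    mentions = len(set(MENTION_RE.findall(text)))
    flagged = bool(hosts) and lure_hits >= 2 and mentions >= 1
    return {"flagged": flagged, "hosts": sorted(hosts),
            "lure_hits": lure_hits, "mentions": mentions}

# Constructed sample issue comments (not taken from the real campaign).
SAMPLE_COMMENTS = [
    "@dev-alice @dev-bob You have been selected to receive $5,000 worth of "
    "$CLAW tokens! Claim here: https://openclaw-rewards.example.net/claim",
    "@maintainer the build fails on main, see https://openclaw.example/docs/build",
    "Thanks @dev-carol, the fix is in https://ci.example.org/run/42",
    "@dev-dan you are eligible for the $CLAW airdrop, connect your wallet at "
    "https://openclaw.example.login-portal.test/",
]

if __name__ == "__main__":
    for comment in SAMPLE_COMMENTS:
        print(score_comment(comment))
```

Flagged comments are candidates for manual review and reporting, and the extracted hosts can feed a domain blocklist.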