Security firm OX Security detected an active phishing campaign targeting GitHub developers. Attackers impersonated the OpenClaw project by creating Issues in controlled repositories and tagging numerous developers, claiming they were selected to receive CLAW token rewards worth $5,000. The bait links redirect users to a highly counterfeit Openclaw phishing website that lures users to authorize access through a "Connect Wallet" button. Once connected, malicious scripts execute withdrawal and authorization commands to transfer user assets.
Security firm OX Security detected an active phishing campaign targeting GitHub developers. Attackers impersonated the OpenClaw project by creating Issues in controlled repositories and tagging numerous developers, claiming they were selected to receive CLAW token rewards worth $5,000. The bait links redirect users to a highly counterfeit Openclaw phishing website that lures users to authorize access through a "Connect Wallet" button. Once connected, malicious scripts execute withdrawal and authorization commands to transfer user assets.