Cybersecurity firm OX Security reported this week that it identified the campaign, which impersonates the Openclaw ecosystem and uses fake Github accounts to reach developers directly.
Attackers post issue threads in repositories and tag users, claiming they have been selected to receive $5,000 worth of so-called CLAW tokens. The messages direct recipients to a fraudulent website designed to closely mimic openclaw.ai. The key difference is a wallet connection prompt that initiates malicious activity once approved.
According to OX Security researchers Moshe Siman Tov Bustan and Nir Zadok, connecting a wallet to the site can result in funds being drained. The campaign relies on social engineering tactics that make the offer appear tailored. Researchers believe attackers may be targeting users who previously interacted with Openclaw-related repositories, increasing the likelihood of engagement.
Technical analysis shows the phishing infrastructure includes a redirect chain leading to the domain token-claw[.]xyz, as well as a command-and-control server hosted at watery-compost[.]today. Malicious code embedded in a JavaScript file collects wallet data, including addresses and transaction details, and transmits it to the attacker.
OX Security also identified a wallet address linked to the threat actor that may be used to receive stolen funds. The code includes functions designed to track user behavior and erase traces from local storage, complicating detection and forensic analysis.
While no confirmed victims have been reported, researchers warn the campaign is active and evolving. Users are advised to avoid connecting crypto wallets to unfamiliar websites and to treat unsolicited token offers on Github as suspicious.
Additionally, the Cybersecurity company Certik published a report the same day specifically discussing the exploits surrounding “skill scanning.” The firm evaluated a proof-of-concept skill that contained a flaw, and the exploited component was able to bypass the Openclaw system’s sandbox.
These security developments arrive as Openclaw gains massive traction among the masses and crypto developers alike, actively building on the platform.
- What is the Openclaw phishing attack?
A scam targeting developers with fake token offers that trick users into connecting crypto wallets. - How does the attack work?
Users are directed to a cloned website where connecting a wallet enables theft mechanisms. - Who is being targeted?
Primarily developers interacting with Openclaw-related Github repositories. - How can users stay safe?
Avoid connecting wallets to unknown sites and ignore unsolicited token giveaways.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
