Fake Openclaw phishing on GitHub targets crypto developers
OX Security warns of a “Fake Openclaw phishing” campaign targeting crypto developers in open-source ecosystems. Attackers create fake GitHub accounts and post “issue” threads claiming victims have won $5,000 worth of a fake CLAW token. Links lead to a highly similar scam site and the script prompts users to connect wallets.
The key risk in this Fake Openclaw phishing is wallet approval and malicious transaction execution after wallet connection. Researchers identified the phishing infrastructure, including redirection to token-claw[.]xyz and command-and-control at watery-compost[.]today. Malicious JavaScript can harvest wallet/transaction data, alter local storage, and reduce traceability. As of the report, there are no confirmed victims, but the campaign is reportedly still active.
In parallel, CertiK flagged “skill scanning” vulnerabilities in the Openclaw ecosystem that may bypass existing security controls, expanding the potential attack surface. For traders, expect headline risk around token-launch and wallet-connect events, which can create short-term sentiment volatility and localized liquidity/DEX trading drops for affected tokens. Fake Openclaw phishing remains primarily a scam threat rather than a direct driver of broad market prices.
Neutral
This is primarily a targeted scam against crypto developers rather than a confirmed, large-scale market-moving event for any major coin. Even though the Fake Openclaw phishing can lead to wallet-draining incidents and can raise headline risk around token listings and wallet-connect activity, the reports note no confirmed victims so far. Any impact is likely localized to the affected project’s sentiment and short-term liquidity rather than creating sustained directional pressure on broader prices. Long-term, added attention to wallet-approval safety may slightly reduce speculative risk-taking, but that effect is indirect.