This event is archived. Final snapshot from when the story concluded. View on Dashboard
Accidents phishing campaign

OpenClaw Developers Targeted in GitHub Phishing Campaign

Analysis based on 11 articles · First reported Mar 19, 2026 · Last updated Mar 21, 2026

Sentiment
-40
Attention
3
Articles
11
Market Impact
Direct
Live prominence charts, article sentiment distribution, and event development timeline available on the NewsDesk Dashboard

The phishing campaign targeting OpenClaw developers could lead to a decrease in trust in open-source AI projects and cryptocurrency platforms, potentially affecting the broader crypto market sentiment. Cybersecurity firms like OX Security may see increased demand for their services as awareness of such threats grows.

Cybersecurity Software Cryptocurrency

Malicious cyber actors are exploiting the popularity of the open-source AI agent project OpenClaw with a phishing campaign. They create fake Microsoft===GitHub accounts and issue threads, tagging developers with fraudulent offers of $5,000 in 'CLAW' tokens. Victims are directed to a malicious website, an almost identical clone of OpenClaw's official site, featuring a 'Connect your wallet' button designed to initiate wallet theft. Cybersecurity firm OX Security reported on this campaign, identifying malicious domains and a 'nuke' function in the malware to erase forensic data. OpenClaw creator Peter Steinberger has warned users about these scams and enforced a strict anti-crypto policy due to previous related incidents, including a fake CLAWD token scam on Solana. No confirmed victims have been reported yet, but the wallet-draining infrastructure is operational.

100 OpenClaw targeted by phishing campaign
90 OX Security published report on phishing campaign OpenClaw
80 Microsoft===GitHub exploited by attackers for phishing OpenClaw
70 Peter Steinberger warned users about scams and banned crypto discussions OpenClaw
priv
OpenClaw, an open-source AI agent project, is the primary target of a phishing campaign designed to drain developers' crypto wallets. This event negatively impacts its community's security and its reputation, despite its growing popularity.
Importance 100 Sentiment -30
priv
OX Security published a report detailing a phishing campaign targeting OpenClaw developers, enhancing its reputation as a cybersecurity firm. They identified malicious domains and provided recommendations for protection.
Importance 80 Sentiment 20
subs
Microsoft===GitHub is being exploited by malicious actors who create fake accounts and issue threads to spread a phishing campaign targeting OpenClaw developers. This highlights a vulnerability in its platform for social engineering attacks.
Importance 70 Sentiment -10
per
Peter Steinberger, OpenClaw's creator, has warned users about crypto-themed outreach being fraudulent and has enforced a strict anti-crypto policy due to ongoing scams. His efforts aim to protect the OpenClaw community from such attacks.
Importance 60 Sentiment -20
priv
MetaMask is one of the major crypto wallets supported by the phishing page, making its users potential victims of the wallet-draining scheme. This highlights a risk for its users.
Importance 30 Sentiment -10
priv
WalletConnect is among the major crypto wallets supported by the malicious phishing page, exposing its users to potential wallet draining. This indicates a security concern for its platform.
Importance 30 Sentiment -10
subs
Binance===Trust Wallet is listed as one of the major crypto wallets compatible with the phishing page, putting its users at risk of having their funds siphoned. This points to a security vulnerability for its users.
Importance 30 Sentiment -10
+ 2 more entities View on Dashboard
NEWSDESK
Track this event live

Set up alerts, explore entity relationships, search across thousands of events, and build custom intelligence feeds.

Open Dashboard

About NewsDesk

NewsDesk is a news intelligence platform that converts raw news articles into structured data. It tracks events, entities, and the relationships between them, with sentiment and attention metrics derived from thousands of articles. Pages on this site are daily static snapshots from the platform's live database. For real-time tracking, search, and alerts, the full dashboard is at app.newsdesk.dev.