OpenClaw Creator Warns of Phishing Campaign Targeting Developers With Fake $CLAW Airdrops

Peter Steinberger, creator of the open-source AI assistant OpenClaw, issued a public warning on March 18, 2026, that all crypto-related emails claiming ties to the project are scams, as attackers target GitHub developers worldwide with fraudulent $CLAW token airdrop offers.

The phishing campaign uses fake GitHub accounts to tag developers in issue threads, directing them to cloned websites nearly identical to openclaw.ai, where a “Connect your wallet” button initiates wallet-draining malware. Steinberger emphasized that OpenClaw is “open source and non-commercial” with no cryptocurrency or token of any kind.

The attacks represent an escalation of months-long harassment against Steinberger and his project, which has included account hijacking, malware distribution, and an unauthorized memecoin launch on Solana that crashed 96% within a single day.

Phishing Campaign Mechanics

Attack Vector

Security platform OX Security published a report detailing an active campaign in which threat actors create fake GitHub accounts, open issue threads in attacker-controlled repositories, and tag dozens of developers. The scam claims recipients have won $5,000 worth of $CLAW tokens and directs them to fraudulent sites designed to steal cryptocurrency wallets.

The phishing messages appear to originate from GitHub notification addresses, lending them a veneer of legitimacy. Screenshots shared on X reveal a coordinated campaign targeting GitHub contributors with nearly identical messages referencing an “OpenClaw GitHub Contributors Airdrop” from accounts such as “ClawFunding” and “ClawReward.” Each message lists supposed “Selected Contributors” to create a false sense of exclusivity among recipients, with some versions translated into Spanish, suggesting international reach.

Technical Analysis

OX Security’s analysis found wallet-stealing code buried inside a heavily obfuscated JavaScript file called “eleven.js.” After deobfuscating the malware, researchers identified a built-in “nuke” function that wipes all wallet-stealing data from the browser’s local storage to frustrate forensic analysis. The malware tracks user actions via commands such as PromptTx, Approved, and Declined, relaying encoded data including wallet addresses, transaction values, and names back to a command-and-control (C2) server.

Researchers identified one crypto wallet address they believe belongs to the threat actor—0x6981E9EA7023a8407E4B08ad97f186A5CBDaFCf5—used to receive stolen funds. The phishing accounts were created last week and deleted within hours of launch, with no confirmed victims reported so far.

Targeting Methodology

Security researcher Aoke Quant suspects attackers scraped developer information directly from GitHub for mass distribution. OX Security assessed that attackers may be using GitHub’s star feature to identify users who have starred OpenClaw-related repositories, making the lure appear more targeted and credible.

Project Context and Visibility

OpenClaw’s Rise

OpenClaw, a self-hosted AI agent framework that lets users run persistent bots connected to messaging apps, email, calendars, and shell commands, has gained significant visibility following OpenAI CEO Sam Altman’s announcement in February 2026 that Steinberger would lead the company’s push into personal AI agents. The project now operates as a foundation-run open-source initiative supported by OpenAI’s infrastructure and resources, and has accumulated 323,000 GitHub stars.

Steinberger’s Warning

Steinberger took to X to urge users to treat all crypto-related emails claiming ties to the project as scams. The project is “open source and non-commercial,” he wrote, advising followers to rely only on the official website and stay skeptical of commercial wrappers. His message remains unequivocal: there will never be a coin, and any claim to the contrary is fraud.

History of Harassment

Months-Long Campaign

Since OpenClaw first went viral as Clawdbot in late January 2026, crypto scammers have repeatedly targeted the project. An unauthorized memecoin created on Solana crashed 96% within a single day, causing confusion among potential investors.

Discord and Social Media Impact

The harassment forced Steinberger to ban all crypto discussion in the project’s Discord server entirely. He described his X notification feed as “unusable” due to the constant barrage of token hashes and messages.

GitHub Account Hijacking

The situation worsened when Anthropic asked Steinberger to rename the bot over trademark concerns. He changed the name from Clawdbot to Moltbot, but within five seconds of the switch, attackers sniped the original account to promote new tokens. They served malware from the hijacked account before Steinberger could properly secure the transition. His GitHub username was stolen in approximately 30 seconds and used to distribute malicious code. He described the ordeal as “the worst form of online harassment” he had ever experienced.

Previous Security Warnings

Security firm SlowMist had previously warned that Clawdbot instances exposed API keys and private chat logs. Researcher Jamieson O’Reilly found that unauthenticated instances left hundreds of credentials publicly accessible. These security gaps may have given scammers the data needed to craft convincing phishing emails.

Recommendations for Developers

OX Security recommends the following protective measures:

• Block malicious domains including token-claw[.]xyz and watery-compost[.]today across all environments

• Avoid connecting crypto wallets to newly surfaced or unverified sites

• Treat any GitHub issue promoting token giveaways or airdrops as suspicious, particularly from unknown accounts

• Users who recently connected a wallet should revoke approvals immediately

Developer Daniel Sánchez captured the prevailing sentiment: unsolicited offers of free money are almost certainly scams. He added that open-source projects have no reason to run crypto giveaways of any kind.

Frequently Asked Questions

Is OpenClaw launching a cryptocurrency or token?

No. OpenClaw creator Peter Steinberger has repeatedly and explicitly stated that there will never be an OpenClaw coin or token. The project is open-source and non-commercial, and any claims to the contrary—including the current $CLAW token airdrop phishing campaign—are fraudulent.

How does the phishing scam work?

Attackers create fake GitHub accounts, open issue threads in attacker-controlled repositories, and tag developers with claims they have won $5,000 in $CLAW tokens. Recipients are directed to cloned websites nearly identical to openclaw.ai, where a “Connect your wallet” button initiates wallet-draining malware. The attackers use scraped GitHub data to make the lures appear targeted and credible.

What should I do if I suspect I’ve been targeted?

Do not connect your wallet to any unfamiliar site or click on links in unsolicited messages about token airdrops. If you have recently connected a wallet to a suspicious site, revoke wallet approvals immediately. Block the malicious domains token-claw[.]xyz and watery-compost[.]today, and report any suspicious GitHub activity to the platform.