Open-Source AI Project Hit by Sophisticated Phishing Campaign

A recent phishing campaign has highlighted the need for robust security measures in open-source ecosystems. The operation, which targeted developers of the OpenClaw AI agent, involved fake GitHub accounts promoting a non-existent CLAW cryptocurrency token.

According to OX Security's detailed analysis, the attackers created authentic-looking profiles that mimicked legitimate contributors. These profiles then tagged OpenClaw developers in comments and issues, offering a supposed prize of $5,000 worth of CLAW tokens. The fraudulent scheme directed victims to connect their cryptocurrency wallets to claim the non-existent rewards.

The project's founder, Peter Steinberger, immediately confirmed that OpenClaw was not issuing any token at this time. He urged community members to exercise caution and verify financial offers through official channels. GitHub's security team has initiated an investigation into the reported accounts for Terms of Service violations.