GitHub-Powered Scam Targets OpenClaw Developers with $5,000 Airdrop

A recent phishing campaign has targeted developers contributing to the OpenClaw project by using fake GitHub issue threads to lure users into connecting their wallets to a wallet-draining site.

The scam, which was highly effective due in part to the project's rising profile and visibility, used a $5,000 airdrop as bait. Contributors were tagged directly via real developer accounts on fake GitHub accounts, making it seem like the offer was legitimate.

A cloned website mimicking the official OpenClaw domain was created, where users were prompted to connect their wallets in order to claim the supposed allocation. Once connected, the user's wallet balance would be drained by a heavily obfuscated JavaScript file called 'eleven.js', which handled the malicious logic underneath.

No smart contract exploit was involved, according to researchers, but rather social engineering wrapped in Web3 behavior. This distinction matters because it shows that the attack relied less on breaking software and more on manipulating user trust at precisely the right moment.

The report urges developers to be cautious when interacting with unfamiliar GitHub threads and to verify URLs and repository ownership. It also recommends using a burner wallet instead of a primary holding wallet for claims or dApp interactions, emphasizing that operational security is now the first line of defense.