TL;DR
- Scammers targeted OpenClaw contributors through fake GitHub issue threads, using a $5,000 $CLAW airdrop to lure users toward a wallet-draining site.
- The phishing page mimicked the official domain and used an obfuscated JavaScript file called “eleven.js,” showing the attack relied on social engineering, not a smart contract exploit.
- The report urged developers to verify URLs, confirm repository ownership, ignore unexpected tags, and use burner wallets for claims or unfamiliar dApps.
Scammers have found an effective way to target crypto holders inside a trusted developer workflow. The trap starts with credibility, not code exploits. In the reported campaign, contributors connected to the viral AI project OpenClaw were targeted through fake GitHub accounts and issue threads that tagged real developers directly. The bait was a flattering promise of a $5,000 $CLAW token allocation, framed as a reward for GitHub contributions. Targets were then pushed to a site mimicking the official OpenClaw domain, where a wallet connection prompt served as the gateway to a wallet-draining setup.
🚨 Fake $5K airdrop targets OpenClaw devs
Scammers used fake GitHub tags to lure users to a cloned site with a hidden wallet connect.
Accounts vanished within hours. No confirmed victims yet.
Stay alert ⚠️ pic.twitter.com/ZYpmckDJ1j
— Bitinning (@bitinning) March 19, 2026
Why the OpenClaw Hook Worked So Well
What makes the operation more unsettling is how ordinary the setup appears at first glance. A cloned site and hidden script do the heavy lifting. The report says the phishing page directed users to connect their wallets to claim the supposed allocation, while a heavily obfuscated JavaScript file called “eleven.js” handled the malicious logic underneath. Researchers said there was no smart contract exploit involved, only social engineering wrapped in Web3 behavior. That distinction matters, because it shows the attack relied less on breaking software and more on manipulating user trust at precisely the right moment.
Timing appears central to why this lure could resonate so quickly. OpenClaw’s rising profile gave the scam immediate plausibility. The project had become one of the hottest names in tech, moving beyond a developer tool into a mainstream AI narrative. That visibility intensified further after Sam Altman selected creator Peter Steinberger to help drive OpenAI’s work on AI agents. According to the report, attackers likely understood that OpenClaw contributors were attentive, comfortable with Web3 wallets, and easier to approach with a reward-based message that felt tailored, timely, and unusually credible to many potential targets online.
The report also outlined a practical lesson that extends well beyond one project. Operational security, not curiosity, is now the first line of defense. Developers were urged to avoid clicking links in unfamiliar GitHub issue threads, manually type official domains, verify repository ownership, and treat unexpected tags as spam by default. It recommended using a burner wallet instead of a primary holding wallet for claims or dApp interactions. The broader warning is difficult to ignore: as AI hype and crypto tooling converge, polished scams may keep exploiting legitimate platforms to turn attention into wallet access.
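The URL and unexpected-tag checks above can be automated for issue notifications. The following is an added example, not code from the report or from OpenClaw: the official host `openclaw.example` is a placeholder because the report does not give the real domain, and the sample comment, keyword list, and thresholds are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_HOSTS = {"openclaw.example"}  # placeholder: real domain not given on the page
LURE_WORDS = re.compile(r"\b(airdrop|allocation|claim|reward)\b", re.I)
URL_RE = re.compile(r"https?://[^\s)>]+", re.I)
MENTION_RE = re.compile(r"(?<![\w/])@[A-Za-z0-9-]+")
# Constructed sample comment modelled on the lure described in the report.
SAMPLE = ("Congrats @alice-dev @bob-dev @carol-dev! You earned a $5,000 $CLAW "
          "allocation. Claim here: https://openclaw-rewards.example/claim")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss hostnames."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return 'official', 'lookalike' or 'other' for a hostname."""
    host = host.lower().rstrip(".")
    for good in OFFICIAL_HOSTS:
        if host == good or host.endswith("." + good):
            return "official"
    for good in OFFICIAL_HOSTS:
        brand = good.split(".")[0]
        # Near-miss spelling, or the brand name embedded in a foreign domain.
        if edit_distance(host, good) <= 2 or brand in host:
            return "lookalike"
    return "other"

def triage_comment(body):
    """Flag an issue comment that matches the tag + reward + cloned-site lure."""
    hosts = {urlsplit(u).hostname or "" for u in URL_RE.findall(body)}
    flagged = sorted(h for h in hosts if classify_host(h) == "lookalike")
    reasons = ["lookalike-domain"] if flagged else []
    if LURE_WORDS.search(body):
        reasons.append("reward-lure")
    if len(set(MENTION_RE.findall(body))) >= 3:  # assumed threshold
        reasons.append("mass-mention")
    return {"suspicious": bool(flagged) or len(reasons) >= 2,
            "reasons": reasons, "hosts": flagged}

if __name__ == "__main__":
    print(triage_comment(SAMPLE))
```

A comment is flagged when it links to a lookalike host, or when it combines at least two of the weaker signals; links to the official host and its subdomains pass.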



