OpenClaw AI Project Targeted in Cryptocurrency Phishing Scam

by Anika Shah - Technology
0 comments

OpenClaw Developers Targeted in Sophisticated Crypto Phishing Campaign

A phishing campaign exploiting the growing popularity of the open-source AI assistant OpenClaw is targeting developers’ cryptocurrency wallets. The attacks involve fake GitHub posts and a bogus “CLAW” token, attempting to lure users into connecting their wallets.

Warning from OpenClaw Creator

Peter Steinberger, the creator of OpenClaw, issued a public warning on March 19, 2026, urging users to treat all crypto-related emails claiming ties to the project as scams. He emphasized on his X (formerly Twitter) account that “all airdrop announcements related to OpenClaw are scams.” BeInCrypto reported on this warning.

Steinberger reiterated that OpenClaw is an open-source and non-commercial project with no plans to issue any tokens. The Block also covered the warning, noting Steinberger’s advice to rely only on the official website.

ChainCatcher reported that Steinberger warned users that any cryptocurrency emails sent from websites claiming to be associated with OpenClaw are scams.

How the Phishing Campaign Works

According to cybersecurity firm OX Security, the attackers created fake GitHub accounts and posted messages in repositories they controlled, tagging developers to increase visibility. Cointelegraph detailed how these posts claimed recipients had won $5,000 worth of a non-existent “CLAW” token.

The scheme directs users to a cloned website resembling OpenClaw’s official page, prompting them to connect their crypto wallets – a common tactic used to steal credentials or gain malicious approvals. OX Security reported finding no victims as of Wednesday, March 19, 2026.

Previous Exploits and Impersonation

Steinberger has experienced impersonation and harassment since the project’s early stages. A meme coin unauthorizedly issued on the Solana (SOL) network plummeted 96% shortly after launch, causing investor losses. An existing account was also hijacked within seconds during a project name change.

Security experts suggest that vulnerabilities previously found in Clawdbot, OpenClaw’s predecessor, where API keys and conversation logs were exposed, may have been exploited to refine these attacks.

OpenClaw and OpenAI

Steinberger joined OpenAI in February as head of its personal AI agent division led by Sam Altman. Despite OpenClaw currently being maintained based on OpenAI infrastructure, fake token scams using its name continue.

Security Recommendations

Security firm SlowMist warned that requests to connect wallets through links from unclear sources are a typical method of asset theft and urged users to exercise extreme caution. Steinberger consistently advises users that OpenClaw does not issue any form of cryptocurrency and does not make commercial offers.

Related Posts

Leave a Comment