A sophisticated phishing campaign is targeting OpenClaw developers through fake GitHub repositories that promise $5,000 token airdrops. The attack specifically focuses on contributors to the OpenClaw project, using social engineering tactics to lure victims with the promise of substantial cryptocurrency rewards.
The attackers have created cloned websites that appear legitimate but contain hidden wallet connection prompts designed to compromise users' crypto wallets. Once developers interact with these malicious sites believing they are claiming legitimate airdrops, the attackers gain access to drain their cryptocurrency holdings.