Scammers posed as the OpenClaw project on GitHub, promised developers free money, and sent them to a fake website that emptied their crypto wallets. A group of online scammers impersonated a popular AI software project on GitHub and tricked developers into handing over access to their cryptocurrency wallets. The victims lost their funds after visiting a fake website that looked nearly identical to the real one. The scheme exploited the growing fame of a project called OpenClaw, which had recently been praised by the CEO of OpenAI.
How the Scam Worked
The attackers created fake accounts on GitHub and used them to send messages to developers who had shown interest in OpenClaw. The messages claimed those developers had been specially selected to receive $5,000 worth of free CLAW tokens as a reward for their work in the community. A link directed them to a website where they could claim their prize.
The website looked almost exactly like OpenClaw’s real page. Once there, visitors were asked to connect their cryptocurrency wallet. The moment they did, the scammers gained access and drained the funds. The whole thing happened quietly, with no warning given to the victim.
Creator Issues Warning
Peter Steinberger issued an urgent public warning on X after the scam came to light. “Folks, if you get crypto emails from websites claiming to be associated with OpenClaw, it’s ALWAYS a scam,” he wrote. He made clear that OpenClaw has never offered tokens, rewards, or any kind of giveaway, and it never will. The project is non-commercial and always has been.
What to Watch Out For
Security researchers say this kind of scam is becoming more common. They advise anyone in the developer community to be suspicious of the following:
- Messages on GitHub promising free tokens, prizes, or rewards out of nowhere.
- Websites asking you to connect a crypto wallet, especially if you arrived through an unsolicited link.
- Web addresses that look almost right but have a slightly different name or ending.
This is not an isolated case. Criminals have increasingly turned to trusted developer platforms like GitHub to make their scams look legitimate. Because developers receive real notifications from GitHub every day, a fraudulent message is far easier to miss.
The key lesson security experts draw from this case is straightforward: no genuine open-source project will ever contact you out of the blue to offer free money. If it sounds too good to be true, it almost certainly is.
A Growing Threat
This is not an isolated case. Criminals have increasingly turned to trusted developer platforms like GitHub to make their scams look legitimate. Because developers receive real notifications from GitHub every day, a fraudulent message is far easier to miss.
The key lesson security experts draw from this case is straightforward: no genuine open-source project will ever contact you out of the blue to offer free money. If it sounds too good to be true, it almost certainly is.
Crypto theft takes many forms. In a separate case currently before the UK High Court, a man alleges his estranged wife stole 2,323 Bitcoin worth around $172 million after gaining access to his wallet recovery phrase through home CCTV footage. The case, which has been allowed to proceed to trial, highlights how cryptocurrency theft is no longer confined to online scams. Sometimes the threat is much closer to home.
