OpenClaw “CLAW” Token Phishing Attack

Key Takeaways

Scammers are using fake accounts to tag OpenClaw developers in repositories, promising fake $5,000 rewards.

Creator Peter Steinberger has confirmed that OpenClaw is non-commercial and will never launch a token.

The phishing campaign utilizes cloned websites to trick users into connecting and draining their crypto wallets.

The open-source AI community is currently in the crosshairs of a sophisticated phishing campaign. Developers working on OpenClaw—the viral autonomous AI project that debuted in late 2025—are being lured by promises of a “CLAW” token airdrop. Cybersecurity firm OX Security identified the campaign, which uses fake GitHub accounts to tag contributors in malicious repositories.

Folks, if you get crypto emails from websites claiming to be associated with openclaw, it's ALWAYS a scam.

We would never do that. The project is open source and non-commercial. Use the official website. Be sceptical of folks trying to build commercial wrappers on top of it.
— Peter Steinberger 🦞 (@steipete) March 18, 2026

The “bait” is a supposed $5,000 reward in “CLAW” tokens, leading users to a meticulously cloned website that prompts them to connect their crypto wallets—a classic move used to secure malicious approvals and drain assets.

crypto people trying to scam folks
— Peter Steinberger 🦞 (@steipete) March 18, 2026

OpenClaw has exploded in popularity since it dropped, quickly picking up over 465,000 followers. People love it because it’s a free, local AI agent that can actually jump into your files and manage software through a simple chat. But that massive growth has also painted a giant target on its back, making it a favorite for hackers looking for an easy win.

No, sir. Not all cryptocurrencies are scams. I think you must have some misunderstandings. The Chinese openclaw cryptocurrency has been listed on many exchanges and is definitely not a scam.
— Draco Xu (@xcl1998) March 18, 2026

The scammers are banking on the “viral token” fatigue often seen in the AI-crypto space, where every successful software project is expected to launch a native currency. Fortunately, the developer community has been quick to spot the red flags, and no major victims have been reported as of yet.

OpenClaw creator warned users project would never launch a token

Peter Steinberger, the mind behind OpenClaw, has been incredibly vocal about the project’s non-commercial nature. As early as January, Steinberger posted a stern warning on X, stating, “I will never do a coin.” He reiterated that any project listing him as a token owner is a scam.

To all crypto folks:
Please stop pinging me, stop harassing me.
I will never do a coin.
Any project that lists me as coin owner is a SCAM.
No, I will not accept fees.
You are actively damanging the project.
— Peter Steinberger 🦞 (@steipete) January 27, 2026

To keep the community from turning into a ‘get rich quick’ circus, the official OpenClaw Discord actually banned all Bitcoin and crypto talk back in February. It’s a bold move that sends a clear message: in the world of open-source, the real prize is the code you build, not some speculative coin you’re hoping will moon.

Final Thoughts

The “CLAW” airdrop is a fiction designed by thieves. When a project creator tells you they aren’t launching a coin, believe them—no matter how convincing the cloned website looks.

Frequently Asked Questions

Is there an official OpenClaw token?
No. The project creator has explicitly stated that OpenClaw is open-source and will never have a token.

How can I tell if a GitHub tag is a scam?
Be wary of any tags in repositories you don’t recognize, especially those promising financial rewards or “airdrops.”

What does the OpenClaw software do?
It is an autonomous AI agent that runs locally on your computer to manage files and tasks via Telegram or WhatsApp.