OpenClaw founder Peter Steinberger issued a public warning on the X platform on March 19, urging all users to treat any emails claiming to be related to OpenClaw cryptocurrency as scams. He explicitly stated that OpenClaw is an “open-source and non-commercial” project. Previously, multiple developers had reported a large-scale phishing attack targeting GitHub users worldwide.
Details of the Phishing Attack: Impersonating GitHub Notifications Sweeping Developers
(Source: X)
The attack was carefully designed to be difficult to identify immediately. Security researcher Aoke Quant suspects that the attacker directly scraped developers’ publicly available contact information from GitHub to facilitate large-scale targeted dissemination.
The main features of the phishing emails include:
Sender Spoofing: The emails mimic the official GitHub notification format, making them hard to distinguish from legitimate messages.
Fake Sender Accounts: Accounts such as “ClawFunding” and “ClawReward” were used to impersonate legitimate entities.
Content Deception: The emails claim that the recipient has been listed as a “Featured Contributor,” creating a sense of exclusivity and urgency.
Call to Action: Users are guided to click suspicious Google links to “claim” fake tokens.
Multilingual Versions: Some emails have been translated into Spanish, indicating the attack has spread across multiple regions.
Developer Daniel Sánchez, sharing screenshots of the reports, pointed out: “Offering free funds proactively is almost certainly a scam. Open-source projects have no reason to conduct any kind of cryptocurrency giveaways.”
Complete Timeline of Months-Long Harassment: From Meme Coins to Account Hacks in 30 Seconds
This wave of phishing attacks is the latest escalation in months of systematic harassment against OpenClaw. Since OpenClaw gained popularity in January this year under the name “Clawdbot,” cryptocurrency speculators have launched ongoing multi-layered attacks against Steinberger and his project.
Key events include:
Meme Coin Creation: Scammers unauthorizedly issued a meme coin named after OpenClaw on Solana, which plummeted 96% in one day, causing significant losses for retail investors.
Brand Rebranding Crisis: Due to trademark issues, Anthropic demanded Steinberger rename the robot. After he changed “Clawdbot” to “Moltbot,” attackers invaded the original account in less than five seconds, promoting new scam tokens and spreading malware before Steinberger could secure the account.
GitHub Account Compromise: His GitHub username was hacked in about 30 seconds, used to distribute malicious code.
Discord Ban: Facing continuous spam of token hashes, Steinberger was forced to ban all cryptocurrency-related discussions on his Discord server.
X Notifications Disabled: Continuous spam of token hashes and junk messages made X (Twitter) notifications unusable.
Steinberger described this entire experience as the “most severe online harassment” he has faced. Even after joining OpenAI in February 2026, leading the personal AI agent division under Sam Altman, and with backing from a major tech company, scammers continued to exploit the OpenClaw brand for profit.
Frequently Asked Questions
Q: How can I identify fake OpenClaw phishing emails?
According to Steinberger’s public warning, the most effective methods are: First, OpenClaw does not have any official cryptocurrency tokens (no “CLAW” or any other tokens). Second, any email requesting you to click links to “claim airdrops” or “connect your wallet” is a scam. Third, only trust OpenClaw’s official website as the sole source of verified information, and remain cautious of third-party commercial packaging. Security experts recommend verifying the sender’s domain carefully, even if the email appears to come from an official GitHub address, as scammers often spoof display names.
Q: Does OpenClaw’s security vulnerability facilitate phishing attacks?
Security firm SlowMist previously warned that improperly configured Clawdbot/OpenClaw instances could leak API keys and private chat logs. Researcher Jamieson O’Reilly also found that unauthenticated instances might expose hundreds of credentials. These vulnerabilities could allow scammers to access real user data, enabling them to craft highly convincing phishing emails and increase scam success rates. All users deploying OpenClaw are advised to ensure proper authentication setup and regularly rotate API keys.
Q: How should I respond to similar phishing attacks?
If you receive any emails claiming to be related to OpenClaw cryptocurrency airdrops, delete and mark them as phishing immediately. Do not click any links or provide personal information. If you have clicked a link, change all related account passwords, revoke suspicious third-party permissions, and scan your device for malware. Report the phishing activity through official OpenClaw channels to help protect other developers in the community.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
GSR Debuts BESO ETF With Bitcoin, Ethereum, Solana
GSR debuts BESO ETF with active strategy, adjusting Bitcoin, Ether, and Solana allocations weekly to outperform benchmarks.
ETF records nearly $5M in first-day volume, signaling early investor interest in diversified crypto investment products.
Launch aligns with growing ETF momentum as
CryptoFrontNews4h ago
Solana Spot ETF Sees $1.14M Net Outflows Yesterday, FSOL Posts Gains While VSOL Declines
Gate News message, April 25 — Solana spot ETFs recorded a combined net outflow of $1.1364 million yesterday (April 24), according to SoSoValue data.
Fidelity Solana Fund ETF (FSOL) posted a single-day net inflow of $257,000 and has accumulated $158 million in historical net inflows. VanEck Solana E
GateNews8h ago
U.S. Solana Spot ETFs Record $1.17M Net Outflows; Fidelity FSOL Posts Inflows
Gate News message, April 25 — According to SoSoValue data, U.S. Solana spot ETFs recorded a combined net outflow of $1.1736 million yesterday (April 24, ET).
Fidelity Solana Fund ETF (FSOL) posted a daily net inflow of $257,000, bringing its historical cumulative net inflows to $158 million.
GateNews15h ago
DeFi Stakeholders Petition SEC to Formalize Interface Guidance as Ethereum Proposes Native Privacy Layer
Gate News message, April 24 — The DeFi Education Fund (DEF) and 35 co-signatories, including a16z crypto, Aptos Labs, Uniswap, Chainlink, Paradigm, Solana Policy Institute, and Phantom, have petitioned the Securities and Exchange Commission (SEC) to convert its recent staff guidance on DeFi interfac
GateNews20h ago
Luck.io, Solana's Non-Custodial Casino, Shuts Down; Users Urged to Withdraw Funds Immediately
Gate News message, April 24 — Luck.io, a non-custodial casino platform built on Solana, announced its closure on April 24, 2026, urging all users to withdraw their balances from Smart Vaults immediately. Withdrawals can be initiated through the luck.io website or via the Vault Withdrawal Tool at
GateNews23h ago
XRP Expands to Solana as wXRP Drives DeFi Access
Key Insights
Wrapped XRP on Solana surpasses 834,000 tokens, enabling new DeFi access while strengthening cross-chain liquidity and expanding XRP utility beyond its native ledger.
Ethereum and Solana dominate DeFi activity, while XRP Ledger trails significantly, driving the need for
CryptoNewsLand04-24 17:45
