Gate News reports that on March 19, the security platform OX Security revealed that developers of the AI agent project OpenClaw are becoming targets of cryptocurrency phishing activities. Attackers created fake GitHub accounts, initiated issues in repositories they control, @-mentioned dozens of developers, claimed they had won a $5,000 CLAW token reward, and directed victims to a clone website nearly identical to openclaw.ai. This phishing site added a “Connect Wallet” button aimed at stealing connected wallet assets. Malicious code was hidden in deeply obfuscated JavaScript files, equipped with a “nuke” function to clear browser local storage data to hinder forensic analysis, and encoded wallet addresses, transaction amounts, and other information to send back to C2 servers. Researchers identified a suspicious crypto wallet address likely used to receive stolen funds. The related account was created last week and deleted within hours; no victims have been confirmed so far. Due to its high profile, OpenClaw has become a target for scammers, and its Discord community has previously experienced大量加密货币垃圾信息. Previously, the founder of OpenClaw warned users to beware of cryptocurrency scam emails impersonating OpenClaw.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Hackers Exploit Obsidian Plugin to Spread PHANTOMPULSE Trojan with Blockchain C2
Elastic Security Labs revealed that threat actors impersonated venture capital firms on LinkedIn and Telegram to deploy a Windows RAT named PHANTOMPULSE, using Obsidian note vaults for attacks, which Elastic Defend successfully blocked.
GateNews19m ago
Zerion Hot Wallet Loses $100K in AI-Driven Social Engineering Attack by North Korea-Linked Hackers
Zerion confirmed a recent AI-driven social engineering attack by North Korean hackers, resulting in a $100,000 loss from corporate hot wallets. User funds remain safe, and the company has taken precautionary measures. This follows another significant attack on Drift Protocol.
GateNews34m ago
CoW Swap Pauses Protocol After DNS Hijacking Drains at Least $1M in User Funds
CoW Swap suspended its protocol after DNS hijacking redirected users to a fraudulent site, resulting in over $1 million in crypto theft. The incident led to precautionary actions and user warnings, while security measures were implemented.
GateNews2h ago
Lattice Announces Shutdown: Redstone Will Close on May 16, Users Must Withdraw by the Deadline
Gaming infrastructure developer Lattice announced it will shut down on May 15 and reminded users to withdraw their funds. After the shutdown, contract funds cannot be withdrawn through L1 contracts; only funds in personal wallets can be recovered. Over the past five years, Lattice has failed to realize its business model and ultimately decided to close, but its MUD framework and DUST game will continue to run.
MarketWhisper4h ago
User Loses $316K USDC After Signing Malicious Permit2 Transaction, GoPlus Warns
A user lost $316,000 in USDC due to a malicious Permit2 transaction, highlighting vulnerabilities in token approval mechanisms. GoPlus Security urges users to avoid phishing by following key security practices and installing its protective extension.
GateNews5h ago
Cow Protocol suffers a DNS hijacking; users must immediately revoke permissions
Cow Swap, a DEX aggregation platform built by Cow Protocol, suffered DNS hijacking on April 14. The attacker tampered with domain name records, redirecting user traffic to a spoofed website, and deployed a wallet-draining script. Cow DAO immediately paused the service and advised users to revoke approvals. This incident did not affect the protocol’s smart contracts, but users should remain alert to related risks and verify their transaction records.
MarketWhisper6h ago
