In many ways, OpenClaw represents the next evolution in artificial intelligence. Part of its appeal lies in its architecture: the AI agent runs locally on a user’s device, enabling it to interact with applications and perform tasks autonomously.
The platform’s promise has attracted considerable consumer attention—so much so that it has reportedly driven a spike in prices in China’s secondhand MacBook market. As with many rapidly growing ecosystems, however, this surge in popularity has also drawn the interest of cybercriminals.
According to OX Security, bad actors have been contacting many OpenClaw developers via GitHub, informing them that they had been selected to receive $5,000 of CLAW tokens. Those who engaged were redirected to a convincing replica of OpenClaw’s official website, modified to include a “connect your wallet” prompt.
If a user connected their crypto wallet, bad actors could potentially drain its contents.
Many Red Flags
Despite the apparent legitimacy of both the message and the site, the campaign contains several clear red flags. Most notably, while many platforms issue governance tokens or cryptocurrencies, OpenClaw does not—meaning there is no such thing as a CLAW token.
OpenClaw creator Peter Steinberger has also emphasized that any crypto-related outreach claiming to originate from the project is fraudulent. The platform was designed as an open-source, non-commercial initiative and doesn’t conduct giveaways or promotional campaigns.
Capitalizing on Newness
Phishing schemes that impersonate popular brands are a mainstay in cybercriminals’ playbooks. While many users might dismiss a similar message from a more familiar organization, criminals are exploiting OpenClaw’s novelty—targeting users who are intrigued by its capabilities but not yet fully familiar with how it operates.
As AI continues to expand in both capability and reach, concerns around fraud and abuse are likely to grow in parallel. Jensen Huang, CEO of Nvidia, has described OpenClaw as “the next ChatGPT” and “the largest, most popular, the most successful open-sourced project in the history of humanity.” With that level of visibility, and with OpenClaw’s access to core device functions, security threats on the platform could carry particularly far-reaching consequences.
