Attackers Use Fake GitHub Accounts To Drain Wallets

OX Security on Wednesday published a report describing a phishing campaign that used fake GitHub accounts to tag developers and lure them with a purported $5,000 $CLAW token prize, directing victims to a cloned openclaw.ai site. The attackers embedded obfuscated JavaScript ("eleven.js") and a separate C2 server to steal crypto wallets; accounts were created last week and deleted within hours with no confirmed victims.
Key Points
- 1Create fake GitHub accounts tagging developers claiming $5,000 in $CLAW tokens
- 2Use obfuscated eleven.js and a C2 server to harvest wallet data and evade forensics
- 3Advise practitioners to block reported domains and immediately revoke recent wallet approvals
Scoring Rationale
Actionable technical details and credible vendor reporting raise impact; limited scope to OpenClaw developer community constrains wider relevance.
Sources
Public references used for this report.
Practice with real FinTech & Trading data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all FinTech & Trading problems
