Crypto Phishing Scam Uses GitHub Notifications for CLAW Airdrop Deception
Attackers exploit GitHub discussions to send fake airdrop emails that appear legitimate. Victims receive emails requesting wallet synchronization.
Phishing Wave via GitHub Discussions
The OpenClaw community is currently facing a new phishing wave that specifically exploits GitHub notifications. Scammers mention users in GitHub discussions, which causes GitHub to automatically send email notifications. These legitimate notifications are then used in fake emails as the basis for an airdrop scam.
Attackers' Modus Operandi
The attackers create discussion posts in GitHub repositories and specifically mention individual users. This causes affected users to receive real email notifications from GitHub. Subsequently, the criminals send fake emails with the subject "OpenClaw GitHub Contributors Distribution," announcing a supposed $CLAW airdrop. The emails ask recipients to synchronize their wallets to supposedly participate in the distribution.
Community Warning
The OpenClaw community urgently warns against this scam. The fake emails are professionally designed and exploit GitHub's credibility. Users should under no circumstances click on links in such emails or disclose their wallet data. This is a classic phishing attempt aimed at stealing sensitive cryptocurrency information.
Protective Measures
GitHub users should review their notification settings and be cautious with emails promising airdrops or similar offers. When in doubt, direct contact with the project team should always be sought. OpenClaw emphasizes that no official airdrops are distributed via unsolicited emails.
Outlook
This phishing method demonstrates how attackers increasingly use more complex techniques to exploit trust in established platforms. The OpenClaw community will continue to monitor the situation and support affected users. Users are asked to report suspicious activities immediately.