OpenClaw Founder Unleashes 'No Token, No Scam' Mantra as Phishers Spam GitHub with Fake $CLAW 'Airdrops'

On March 19, the creator of OpenClaw, Peter Steinberger, fired off a tweet to remind the crypto community that any email smelling of crypto and claiming a connection to his project is 100% a scam. He reiterated that OpenClaw is open-source and non-commercial, a digital public park, not a casino. Trust only the official website, and treat any commercial "wrappers" around the code like a suspiciously warm sushi buffet.

This warning comes as a tidal wave of fraudulent messages promises a $5,000 $CLAW token airdrop—a classic "free money" fantasy that only exists in scammer lore. The phishing emails dress up as GitHub notifications, link to sketchy Google-hosted pages, and urgently beg recipients to register wallets. Screenshots circulating on X reveal a coordinated campaign from accounts like “ClawFunding” and “ClawReward,” each listing “Selected Contributors” to create a false aura of exclusivity, like a VIP list for a party that doesn't exist. Spanish versions of the scam show the phishers are going multi-regional, proving grift knows no borders.

Security researcher Aoke Quant suspects the attackers simply scraped developer data straight from GitHub for a mass spam distribution—the digital equivalent of stealing a mailing list from a town hall bulletin board. Developer Daniel Sánchez summed up the universal crypto sentiment: unsolicited offers of free money are almost certainly scams, and open-source projects have no reason to run crypto giveaways; they're busy building, not rug-pulling.

This phishing surge is just the latest escalation in months of harassment that began when OpenClaw (originally Clawdbot) went viral in late January. Scammers have already launched an unauthorized Solana memecoin that cratered 96% in a single day—a rug pull so fast it left skid marks on the blockchain. Steinberger was forced to ban all crypto discussion on the project’s Discord, and his X feed became “unusable” due to a constant barrage of token hashes and spam, turning his notifications into a digital landfill.

Steinberger’s tweet on March 18 was the mic drop: “Folks, if you get crypto emails from websites claiming to be associated with OpenClaw, it’s ALWAYS a scam. We would never do that. The project is open source and non-commercial. Use the official website. Be sceptical of folks trying to build commercial wrappers on top of it.” Translation: There is no token. Stop asking.

The harassment cranked up to eleven after Anthropic asked Steinberger to rename the bot over trademark concerns. He switched the name from Clawdbot to Moltbot, but scammers struck within five seconds—faster than a Solana transaction—hijacking the original account to promote new tokens and serve malware. His GitHub username was stolen in roughly 30 seconds and used to distribute malicious code, which he described as the “worst form of online harassment,” basically digital identity theft at light speed.

In February 2026, OpenAI invited Steinberger to lead its personal AI agents division, a move he accepted. OpenClaw now runs on OpenAI’s infrastructure, yet the brand remains a magnet for scammers, like a high-tech honeypot for the lowest-effort grifts.

Security firm SlowMist previously warned that Clawdbot instances exposed API keys and private chat logs. Researcher Jamieson O’Reilly found unauthenticated instances left hundreds of credentials publicly accessible, likely giving phishers the data needed to craft convincing emails—the equivalent of leaving the keys to the server under the digital doormat.

Steinberger’s message remains the unwavering gospel: there will never