An NFT influencer claims he lost a “life-changing amount” of his net worth in non-perishable tokens (NFTs) and cryptocurrency after accidentally downloading malware found via a Google Ads search result.
The anonymous, anonymous influencer known on Twitter as “NFT God” posted a series of tweets on January 14 describing how his “entire digital livelihood” was attacked including the compromise of his crypto wallet and multiple online accounts.
NFT God, also known as “Alex”, said he used Google search to download OBS, an open source video streaming software. But instead of clicking on the official website, he clicked on the sponsored advertisement for what he thought was the same thing.
It wasn’t until hours later – after a series of phishing tweets the attackers posted to two Twitter accounts Alex managed – that he realized the ad-supported malware had been downloaded alongside the one he wanted.
After a message from an acquaintance, Alex notices that his crypto wallet has also been hacked. The next day, attackers hacked into his Substack account and sent phishing emails to his 16,000 subscribers.
Who else wants up to 17 winning crypto alerts every month on any market? >>>
Blockchain data shows that there are at least 19 ethers
Valued at approximately $27,000 at the time, the NFT was withdrawn from Mutant Ape Yacht Club (MAYC) at a current floor price of 16 ETH ($25,000 USD), and several other NFTs were withdrawn from Alex’s wallet.
The attacker moved most of the ETH across multiple wallets before sending it to the decentralized exchange (DEX) FixedFloat, where it was exchanged for unknown cryptocurrencies.
Alex believes the “fatal mistake” that allowed the wallet to be hacked was to set up his hardware wallet as a hot wallet by entering the seed phrase “in such a way that it no longer keeps it cold” or offline, which allowed the hacker to control his crypto and NFTs.
Related: Navigating the Crypto World: Tips to Avoid Scams
Unfortunately, NFT God’s experience isn’t the first time the crypto community has dealt with crypto-stealing malware in Google Ads.
A January 12 report from cybersecurity firm Cyble warned of an information-stealing malware called “Rhadamanthys Stealer” spreading through Google ads on “highly convincing phishing web pages.”
In October, Binance CEO Changpeng “CZ” Zhao warned that Google search results were promoting phishing and phishing websites.
Cointelegraph has contacted Google for comment but has not received a response. However, Google said in its Help Center that it is “actively working with advertisers and trusted partners to help prevent malware in ads.”
It also describes its use of “proprietary technology and malware detection tools” to scan Google ads regularly.
Cointelegraph was unable to replicate Alex’s search results or verify whether the malicious website was still active.