Google Ads-delivered malware drains NFT influencer’s entire crypto wallet

An NFT influencer claims to have lost “a life-changing amount” of his net worth in non-fungible tokens (NFTs) and crypto after accidentally downloading malware found in a Google Ad search result.

The pseudo-anonymous influencer known on Twitter as “NFT God” posted a series of tweets on Jan. 14 describing how “his entire digital livelihood” was attacked, including a compromise of his crypto wallet and several online accounts.

NFT God, also known as “Alex”, said he used Google’s search engine to download OBS, an open-source video streaming software. Instead of clicking the official website, he clicked the sponsored advertisement for what he thought was the same thing.

It wasn’t until hours later, after a series of phishing tweets posted by attackers on two Twitter accounts that Alex operates, that he realized malware had been downloaded from the sponsored ad alongside the software he wanted.

Following a message from an acquaintance, Alex noticed that his crypto wallet was also compromised. The next day, attackers hacked into his Substack account and sent phishing emails to his 16,000 subscribers.

Blockchain data shows at least 19 Ether (ETH) worth almost $27,000 at the time, a Mutant Ape Yacht Club (MAYC) NFT with a current floor price of 16 ETH ($25,000) and several other NFTs were siphoned from Alex’s wallet.

The attacker moved most of the ETH through multiple wallets before sending it to the decentralized exchange (DEX) FixedFloat, where it was exchanged for unknown cryptocurrencies.

Alex believes that the “critical error” that allowed the wallet hack was configuring his hardware wallet as a hot wallet by entering its seed phrase “in a way that no longer kept it cold”, or offline, which allowed hackers to take control of his crypto and NFTs.

Unfortunately, NFT God’s experience isn’t the first time the crypto community has dealt with crypto-stealing malware in Google Ads.

A January 12 report from cybersecurity firm Cyble warned of information-stealing malware called “Rhadamanthys Stealer” spreading via Google Ads on “a very convincing phishing webpage[s].”

In October 2022, Binance CEO Changpeng “CZ” Zhao warned that Google search results were promoting crypto-phishing and scam websites.

Cointelegraph contacted Google for comment but did not receive a response. In its Help Center, however, Google said it “actively works with trusted advertisers and partners to help prevent malware in ads.”

It also describes its use of “proprietary technologies and malware detection tools” to regularly scan Google Ads.

Cointelegraph was unable to replicate Alex’s search results or verify if the malicious website was still active.