Malware hiding behind a sponsored ad link on Google siphoned thousands of dollars' worth of cryptocurrencies and NFTs from an influencer’s wallet. The NFT influencer with the Twitter handle “NFT God” claims to have lost a “life-changing amount” of his net worth in non-fungible tokens (NFTs) and cryptocurrencies after accidentally downloading malware through a sponsored Google ad that appeared in his search results.
NFT God, a/k/a Alex, posted a series of tweets on Jan. 14 describing how his “entire digital livelihood” was attacked, including a compromise of his crypto wallet and multiple online accounts. He said that he used the Google search engine to download OBS, an open-source video streaming application. But instead of clicking on the official website, he clicked on a sponsored ad for what he thought was the same thing.
It wasn’t until hours later, after attackers had posted a series of phishing tweets on two of Alex’s Twitter accounts, that he realized he had downloaded malware from the sponsored ad alongside the software he wanted.
After receiving a message from an acquaintance, Alex noticed that his crypto wallet had also been compromised. The next day, attackers breached his Substack account and sent phishing emails to his 16,000 subscribers.
Blockchain data shows that at least 19 Ether, worth nearly $27,000, a Mutant Ape Yacht Club (MAYC) NFT with a current minimum price of 16 ETH ($25,000), and several other NFTs were stolen from Alex’s wallet.
The attacker moved most of the ETH through multiple wallets before sending it to the decentralized exchange (DEX) FixedFloat, where it was exchanged for unknown cryptocurrencies.
Alex believes that the “critical flaw” that enabled the wallet hack was that he set up his hardware wallet as a hot wallet by entering the seed phrase “in such a way that it is no longer cold,” or offline, which allowed hackers to gain control of his cryptocurrencies and NFTs.
Unfortunately, NFT God’s experience is not the first time the crypto community has dealt with crypto-theft malware in Google Ads.