NFT influencer’s crypto wallet drained by malware delivered by Google Ads

An influencer's wallet was drained of thousands of dollars' worth of crypto and NFTs after he clicked a sponsored advertising link on Google.

As a result of downloading malicious software found via a Google Ad search result, an NFT influencer claims to have lost “a life-changing amount” of their net worth in crypto and nonfungible tokens (NFTs).

“NFT God,” a pseudonymous Twitter influencer, posted a series of tweets on Jan. 14 describing how his “entire digital livelihood” had been attacked, including his crypto wallet and several online accounts.

He used Google’s search engine to find a download of OBS, an open-source video streaming application. But instead of clicking the link to the official website, he clicked a sponsored advertisement for what he thought was the same thing.

Several hours later, after phishing tweets from attackers appeared on two Twitter accounts he operates, Alex realized that malware had been downloaded from the sponsored advertisement along with the software he wanted.

Upon receiving a message from an acquaintance, Alex noticed that his crypto wallet had also been compromised. The next day, attackers breached his Substack account and sent phishing emails to his 16,000 subscribers.

Alex’s wallet contained at least 19 Ether worth nearly $27,000 at the time, a Mutant Ape Yacht Club (MAYC) NFT with a current floor price of 16 ETH ($25,000), and several other NFTs.

The ETH was transferred through multiple wallets before being sent to the decentralized exchange (DEX) FixedFloat, where it was exchanged for unknown cryptocurrencies.

In Alex’s opinion, the “critical mistake” that allowed the wallet hack was setting his hardware wallet up as a hot wallet by entering its seed phrase “in a way that made it no longer cold,” or offline, allowing the hackers to access his coins and NFTs.

NFT God’s experience isn’t the first time crypto-stealing malware has been detected in Google Ads.

According to a Jan. 12 report by cybersecurity firm Cyble, “Rhadamanthys Stealer” spreads through Google Ads on “highly convincing phishing websites.”

Binance CEO Changpeng “CZ” Zhao warned in October that Google search results were promoting crypto phishing and scamming websites.