As a result of downloading malicious software found via a Google Ad search result, an NFT influencer claims to have lost “a life-changing amount” of their net worth in crypto and nonfungible tokens (NFTs).
“NFT God,” a pseudo-anonymous Twitter influencer, posted a series of tweets on Jan. 14 describing how his “entire digital livelihood” had been attacked, including his crypto wallet and several online accounts.
Last night my entire digital livelihood was violated.
— NFT God (@NFT_GOD) January 15, 2023
Every account connected to me both personally and professionally was hacked and used to hurt others.
Less importantly, I lost a life changing amount of my net worth
He used Google’s search engine to download OBS, an open-source video streaming software. But instead of clicking the official website, he clicked a sponsored advertisement for what he thought was the same thing.
Several hours later, Alex realized malware was downloaded from the sponsored advertisement along with the software he wanted after receiving phishing tweets from attackers on two Twitter accounts he operates.
Upon receiving a message from an acquaintance, Alex noticed that his crypto wallet had also been compromised. The next day, attackers breached his Substack account and sent phishing emails to his 16,000 subscribers.
Then I get the DM I've been dreading. "Dude you WETH'd your ape?"
— NFT God (@NFT_GOD) January 15, 2023
I pop open the Opensea bookmark of my ape and there it is. A completely different wallet listed as the owner.
I knew at that moment it was all gone. Everything. All my crypto and NFTs ripped from me
Alex’s wallet contained at least 19 Ether worth nearly $27,000 at the time, a Mutant Ape Yacht Club (MAYC) NFT with a current floor price of 16 ETH ($25,000), and several other NFTs.
ETH was transferred through multiple wallets before being sent to the decentralized exchange (DEX) FixedFloat, where it was exchanged for unknown cryptocurrencies.
In Alex’s opinion, the “critical mistake” that allowed the wallet hack was setting his hardware wallet up as a hot wallet by entering its seed phrase “in a way that made it no longer cold,” or offline, allowing the hackers to access his coins and NFTs.
NFT God’s experience isn’t the first time crypto-stealing malware has been detected in Google Ads.
According to a Jan. 12 report by cybersecurity firm Cyble, “Rhadamanthys Stealer” spreads through Google Ads on “highly convincing phishing websites.”
Binance CEO Changpeng “CZ” Zhao warned in October that Google search results were promoting crypto phishing and scamming websites.