Malware delivered by Google Ads drains NFT influencer’s entire crypto wallet

An NFT influencer says he lost a “life-changing amount” of his net worth in non-fungible tokens (NFTs) and cryptocurrencies after accidentally downloading malicious software found in a Google Ad search result.

The pseudo-anonymous influencer known on Twitter as “NFT God” released a series of tweets on Jan. 14 describing how his “entire digital livelihood” has been attacked, including having his cryptocurrency wallet and multiple online accounts compromised.

NFT God, also known as “Alex”, said that he used Google's search engine to download OBS, an open-source video streaming software. Instead of clicking on the official website, he clicked on the sponsored ad for what he thought was the same thing.

Only hours later, after a series of phishing tweets posted by attackers on two Twitter accounts managed by Alex, did he realize that the malware had been downloaded from the sponsored ad along with the software he wanted.

Following a message from an acquaintance, Alex noticed that his cryptocurrency wallet had also been compromised. A day later, the attackers hacked into his Substack account and sent phishing emails to his 16,000 subscribers.

Blockchain data shows that at least 19 Ether (ETH) worth nearly $27,000 at the time, a Mutant Ape Yacht Club (MAYC) NFT with a current minimum price of 16 ETH ($25,000), and many more NFTs were siphoned out of Alex’s wallet.

The attacker moved most of the ETH through multiple wallets before sending it to the decentralized exchange (DEX) FixedFloat, where it was traded for unknown cryptocurrencies.

Alex believes that the “critical mistake” that allowed the wallet hack was setting up his hardware wallet as a hot wallet by entering his seed phrase “in a way that didn’t keep it colder,” or offline, which allowed the hacker to gain control of his cryptocurrency and NFTs.

Unfortunately, NFT God’s experience isn’t the first time the crypto community has dealt with cryptocurrency-stealing malware in Google Ads.

A Jan. 12 report from cybersecurity firm Cyble warned of information-stealing malware called “Rhadamanthys Stealer” spreading through Google Ads on “highly convincing phishing web page[s].”

In October 2022, Binance CEO Changpeng “CZ” Zhao warned that Google search results were promoting crypto phishing and scam websites.

Cointelegraph reached out to Google for comment but received no response. In its help center, however, Google said it “actively works with trusted advertisers and partners to help prevent malware in ads.”

It also describes its use of “proprietary technology and malware detection tools” to regularly scan Google Ads.

Cointelegraph was unable to replicate Alex’s search results or verify whether the malicious website was still active.