Malware delivered by Google Ads drains NFT influencer's entire crypto wallet

An NFT influencer claims he lost a “life-changing amount” of his net worth in non-fungible tokens (NFTs) and crypto after accidentally downloading malware found through Google Ad search results.

A pseudo-anonymous influencer known on Twitter as the “NFT God” posted a series of tweets on January 14 describing how his “entire digital life” came under attack, including the compromise of his crypto wallet and multiple online accounts.

NFT God, also known as “Alex,” said he used Google's search engine to download OBS, an open-source video streaming application. But instead of clicking on the official website, he clicked on a sponsored ad for what he thought was the same thing.

It wasn’t until hours later—after a series of phishing tweets posted by the attackers to two Twitter accounts Alex manages—that he realized the malware had been downloaded from a sponsored ad along with the software he wanted.

After a message from an acquaintance, Alex noticed that his crypto wallet was also compromised. The next day, attackers hacked into his Substack account and sent phishing emails to his 16,000 subscribers.

Blockchain data shows that at least 19 Ether (ETH) worth nearly $27,000 at the time, a Mutant Ape Yacht Club (MAYC) NFT with a current floor price of 16 ETH ($25,000), and multiple other NFTs were withdrawn from Alex’s wallet.

The attacker moved most of the ETH through multiple wallets before sending it to decentralized exchange (DEX) FixedFloat, where it was exchanged for unknown cryptocurrencies.

Alex believes that the “critical mistake” that allowed the wallet to be hacked was setting up his hardware wallet as a hot wallet by entering his seed phrase “in a way that no longer keeps it cold”, or offline, which allowed the hackers to gain control of his crypto and NFTs.


Unfortunately, NFT God's experience is not the first time the crypto community has faced crypto-stealing malware in Google Ads.

A Jan. 12 report from cybersecurity firm Cyble warned of information-stealing malware called “Rhadamanthys Stealer” spreading through Google Ads via “highly convincing phishing website[s].”

In October, Binance CEO Changpeng “CZ” Zhao warned that Google search results were promoting phishing and scam websites.

Cointelegraph reached out to Google for comment, but did not receive a response. However, Google said in its help center that it “actively works with trusted advertisers and partners to prevent ad malware.”

It also describes its use of “proprietary technology and malware detection tools” to regularly scan Google ads.

Cointelegraph was unable to replicate Alex’s search results or verify that the malicious website was still active.