A Google-sponsored link contained malware that stole cryptocurrency and NFTs worth thousands of dollars from an influencer’s wallet.
An NFT influencer claims to have unintentionally downloaded malicious malware discovered via a Google Ad search result, losing “a life-changing amount” of their net worth in nonfungible tokens (NFTs) and cryptocurrency.
On January 14, the Twitter user going by the alias “NFT God” issued a string of tweets detailing how his “entire digital existence” had been compromised, including his cryptocurrency wallet and numerous internet accounts.
NFT God, also known as “Alex,” claimed to have downloaded OBS, an open-source video streaming program, via Google’s search engine. However, he chose to click on the sponsored advertisement for what he believed to be the same thing rather than the official website.
After a series of phishing tweets were sent out by attackers on two Twitter accounts that Alex manages, it wasn’t until hours later that he learned malware had also been downloaded from the sponsored advertisement along with the software he needed.
After receiving a message from a friend, Alex realized his cryptocurrency wallet had also been hijacked. The following day, hackers gained access to his Substack account and targeted his 16,000 subscribers with phishing emails.
Before moving the majority of the ETH to the decentralized exchange (DEX) FixedFloat, where it was exchanged for unidentified cryptocurrencies, the attacker moved it through several wallets.
Alex thinks that setting up his hardware wallet as a hot wallet by inserting its seed phrase “in a way that no longer kept it cold,” or offline, facilitated the wallet attack and gave the hackers access to his crypto and NFTs.
The issue of malware targeting cryptocurrency in Google Ads has long been a focus of the crypto community. A cybersecurity company Cyble study described the danger posed by the information-stealing malware Rhadamanthys Stealer, which is spreading through Google Ads. Changpeng Zhao, the CEO of Binance, also emphasized the danger posed by Google search results, which he claimed promoted phishing and scam websites.