Google Ads-delivered malware drains NFT influencer’s entire crypto wallet

Published at: Jan. 16, 2023

An NFT influencer claims to have lost “a life-changing amount” of their net worth in nonfungible tokens (NFTs) and crypto after accidentally downloading malicious software found in a Google Ad search result.

The pseudo-anonymous influencer known on Twitter as “NFT God” posted a series of tweets on Jan. 14 describing how his “entire digital livelihood” came under attack including a compromise of his crypto wallet and multiple online accounts.

Last night my entire digital livelihood was violated. Every account connected to me both personally and professionally was hacked and used to hurt others. Less importantly, I lost a life changing amount of my net worth

— NFT God (@NFT_GOD) January 15, 2023

NFT God, known also as “Alex” said he used Google's search engine to download OBS, an open-source video streaming software, instead of clicking on the official website, he clicked the sponsored advertisement for what he thought was the same thing. 

It wasn’t until hours later after a series of phishing tweets posted by attackers on two Twitter accounts Alex operates that he realized malware was downloaded from the sponsored advertisement alongside the software he wanted.

Following a message from an acquaintance, Alex noticed his crypto wallet was also compromised. The day after, attackers breached his Substack account and sent phishing emails to his 16,000 subscribers.

Then I get the DM I've been dreading. "Dude you WETH'd your ape?"I pop open the Opensea bookmark of my ape and there it is. A completely different wallet listed as the owner.I knew at that moment it was all gone. Everything. All my crypto and NFTs ripped from me

— NFT God (@NFT_GOD) January 15, 2023

Blockchain data shows at least 19 Ether (ETH) worth nearly $27,000 at the time, a Mutant Ape Yacht Club (MAYC) NFT with a current floor price of 16 ETH ($25,000) and multiple other NFTs were siphoned from Alex’s wallet.

The attacker moved most of the ETH through multiple wallets before sending it to the decentralized exchange (DEX) FixedFloat, where it was swapped for unknown cryptocurrencies.

Alex believes the “critical mistake” that allowed the wallet hack was setting up his hardware wallet as a hot wallet by entering its seed phrase “in a way that no longer kept it cold,” or offline which allowed hackers to gain control of his crypto and NFTs.

Related: Navigating the World of Crypto: Tips for Avoiding Scams

Unfortunately, NFT God’s experience isn’t the first time the crypto community has dealt with crypto-stealing malware in Google Ads.

A Jan. 12 report from cybersecurity firm Cyble warned of an information-stealing malware called “Rhadamanthys Stealer” spreading through Google Ads on “highly convincing phishing webpage[s].”

In October 2022, Binance CEO Changpeng “CZ” Zhao warned Google results were promoting crypto phishing and scamming websites in search results.

Cointelegraph contacted Google for comment but did not receive a response. In its help center, however, Google said it “actively works with trusted advertisers and partners to help prevent malware in ads.”

It also describes its use of “proprietary technology and malware detection tools” to regularly scan Google Ads.

Cointelegraph was unable to replicate the results of Alex’s search nor verify if the malicious website was still active.

Tags
Nft
Related Posts
Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move
Kevin Rose, the co-founder of the nonfungible token (NFT) collection Moonbirds, has fallen victim to a phishing scam leading to more than $1.1 million worth of his personal NFTs stolen. The NFT creator and PROOF co-founder shared the news with his 1.6 million Twitter followers on Jan. 25 asking them to avoid buying any Squiggles NFTs until they manage to get them flagged as stolen. I was just hacked, stay tuned for details - please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph) ... — KΞVIN R◎SE (,) (@kevinrose) …
Blockchain / Jan. 26, 2023
Targeted phishing scam nets $438K in crypto and NFTs from hacked Beeple account
Digital artist and popular nonfungible token (NFT) creator Mike Winkelmann, more commonly known as Beeple, had his Twitter account hacked on Sunday as part of a phishing scam. Harry Denley, security analyst of MetaMask, alerted users that Beeple’s tweets at the time containing a link to a raffle of a Louis Vuitton NFT collaboration were, in fact, a phishing scam that would drain the crypto out of users’ wallets if clicked. ⚠️ Beeple's Twitter account has been compromised (ATO) to post a phishing website to steal funds. 0x7b69c4f2ACF77300025E49DbDbB65B068b2Fda7D 0xF305F6073CFa24f05FF15CA5b387DD91f871b983 pic.twitter.com/0MPNwOPlEu — harry.eth (whg.eth) (@sniko_) May 22, 2022 The scammers were …
Artists / May 23, 2022
5 sneaky tricks crypto phishing scammers used last year: SlowMist
Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and trojan malware spread on messaging app Discord. It comes after the security firm recorded a total of 303 blockchain security incidents in the year, with 31.6% of these incidents caused by phishing, rug pull or other scams, according to a Jan. 9 SlowMist blockchain security report. Malicious browser bookmarks One of the phishing strategies makes use of bookmark managers, a feature in most modern browsers. SlowMist said scammers have been exploiting these to ultimately gain …
Blockchain / Jan. 10, 2023
Bored Ape Yacht Club NFTs stolen in Instagram phishing attack
As told by Bored Ape Yacht Club (BAYC) developers on Monday, hackers breached the popular nonfungible token (NFT) collection’s official Instagram page and shared links to a fake airdrop with the project’s followers. Crypto enthusiasts who connected their MetaMask wallets to the scam website were subsequently drained of their Ape NFTs. It appears that the attack was planned to coincide with the one-year anniversary of the launch of the BAYC collection, thus increasing the “perceived credibility” of the phishing link. Unconfirmed reports on social media indicate that approximately 100 NFTs were stolen during the phishing attack. Based on data from …
Adoption / April 25, 2022
MetaMask issues scam alert as NameCheap hacker sends unauthorized emails
Popular crypto wallet provider MetaMask warned investors against ongoing phishing attempts by scammers attempting to contact users through NameCheap’s third-party upstream system for emails. On the evening of Feb. 12, web hosting company NameCheap detected the misuse of one of its third-party services for sending some unauthorized emails — which directly targeted MetaMask users. Namecheap described the incident as an "email gateway issue." ⚠️MetaMask does not collect KYC info and will never email you about your account! Do not enter your Secret Recovery Phrase on a website EVER. If you got an email today from MetaMask or Namecheap or anyone …
Blockchain / Feb. 13, 2023