Skip to content

An NFT influencer claims he lost a “life-changing amount” of his net worth in non-fungible tokens (NFTs) and cryptos after accidentally downloading malware discovered through a Google Ad search.

A pseudo-anonymous Twitter influencer known as “NFT God” posted a series of tweets on January 14 describing how his “entire digital livelihood” had come under attack, including the compromise of his crypto wallet and multiple online accounts.

NFT God, also known as “Alex,” said he used Google’s search engine, OBS, to download the open-source video streaming software. But instead of clicking on the official website, he clicked on a sponsored ad that he thought was the same.

It wasn’t until hours later, when two of the Twitter accounts Alex operates were hacked by attackers, that he realized the malware had been downloaded from a sponsored ad along with the software he wanted.

After a message from an acquaintance, Alex noticed that his crypto wallet was also compromised. The next day, attackers hacked his Substack account and sent phishing emails to his 16,000 subscribers.

Blockchain data shows at least 19 Ether (ETH) worth about $27,000 at the time, the Mutant Ape Yacht Club (MAYC) NFT at a current price of 16 ETH ($25,000), and several other NFTs out were brought from Alex’s wallet.

The attacker moved most of the ETH through multiple wallets before sending it to the decentralized exchange (DEX) FixedFloat, where it was exchanged for unknown cryptocurrencies.

Alex believes the “critical mistake” that allowed the wallet to be hacked was setting up his hardware wallet as a hot wallet by entering its key phrase “so it no longer keeps it cold” or offline, which allowed the hackers to take control its crypto and NFTs.

Related to: Navigating the world of Crypto. tips to avoid scams

Unfortunately, the NFT God experience is not the first time the crypto community has dealt with crypto-stealing malware on Google Ads.

A Jan. 12 report from cybersecurity firm Cyble warned of an information-stealer called “Rhadamanthys Stealer” that is distributed via Google Ads on a “highly convincing phishing website.”[s]”.

In October, Binance CEO Changpeng “CZ” Zhao warned that Google search results were fueling crypto-phishing and scam sites.

Cointelegraph reached out to Google for comment, but did not receive a response. However, Google said in its help center that it “actively works with trusted advertisers and partners to help prevent malware in ads.”

It also describes using “proprietary technologies and malware detection tools” to regularly scan Google Ads.

Cointelegraph was unable to duplicate Alex’s search results and verify whether the malicious site was still active.