Blockchain data confirms that the NFT influencer lost at least 19 Ether, worth nearly $27,000 at the time, a Mutant Ape Yacht Club (MAYC) NFT with a current floor price of 16 ETH ($25,000), and multiple other NFTs.
An NFT influencer with the Twitter handle @NFT_GOD claims to have lost thousands of dollars worth of non-fungible tokens (NFTs) and crypto in a Google Ads-delivered malware attack.
On 14th January, NFT God, also known as Alex, shared on Twitter how his “entire livelihood was violated.” In the thread, he explained how his online accounts, including Twitter, Substack, Gmail, and Discord, were hacked into and his crypto wallet compromised after he accidentally downloaded malicious software from Google Ad.
This should not come as a surprise since malicious hackers have a history of exploiting Google Ads to spread malware through the Google search engine. In February 2018, hackers managed to steal over $50 million in Bitcoin after using Google Ads to buy the top result slot on the Google search engine.
MORE GOOGLE ADS AND MALWARE NEWS
- Royal Ransomware Uses Google Ads and Cracked Software
- Nitrokod Crypto Miner Hiding in Fake Google Translate Apps
- Google AdSense Abused to Drop Malware on Android Devices
- Fake Brave browser site dropped malware, thanks to Google Ads
- Google Drive accounted for 50% of malicious Office docs downloads
The pseudonymous influencer has more than 80,000 followers on Twitter and thousands of followers and subscribers on Substack.
Alex said he used the Google search engine to download OBS, an open-source video streaming software. But instead of downloading the software by clicking on the official website, he used the sponsored ad for what he believed was the same thing.
After being informed of the series of phishing tweets posted from his two Twitter accounts, Alex realized that he had downloaded malware with the software he had installed.
Blockchain data confirms that he lost at least 19 Ether, worth nearly $27,000 at the time, a Mutant Ape Yacht Club (MAYC) NFT with a current floor price of 16 ETH ($25,000), and multiple other NFTs.
On the other hand, the attacker moved most of the ETH through multiple wallets before sending it to the decentralized exchange (DEX) FixedFloat, where it was swapped for unknown cryptocurrencies.
Alex believes that the hackers were able to gain access to his crypto and NFTs because of a “critical mistake” where he set up his hardware wallet as a hot wallet by entering its seed phrase “in a way that no longer kept it cold,” or offline.
Alongside his crypto wallet, the hackers also breached his Substack account and sent phishing emails to the 16,000 subscribers on his account, compromising the trust he had built with his community. At the same time, Google’s lack of security and scrutiny is also questionable.
- Ad-blocker extension injected ads in Google searches
- This malware replaces address to steal cryptocurrency
- Fake Windows 11 Downloads Distributing Vidar Malware
- Fake TeamViewer download ads spread ZLoader variant
- Facebook ads dropped malware posing as Clubhouse app