Malware Hidden Behind Google Ads That Emptied The Crypto Wallet Of NFT Influencers

• Home
• financial

A well-known influencer in the NFT and cryptocurrency space, recently fell victim to a malware attack that resulted in the loss of a significant portion of his net worth. The malware was unknowingly downloaded through a sponsored Google Ad while the influencer, who goes by Alex, was attempting to download legitimate software.

The Attack Unfolds

Alex, was in the process of downloading OBS, an open-source video streaming software, when he clicked on a sponsored ad rather than the official website. Unbeknownst to him, the ad contained malware that was downloaded onto his computer along with the software.

It wasn't until hours later when a series of phishing tweets were posted from two of his Twitter accounts, that he realized something was amiss. The next day, the attackers hacked into his Substack account and sent phishing emails to his 16,000 subscribers.

Blockchain data shows that 19 Ether, worth nearly $27,000 at the time, a Mutant Ape Yacht Club (MAYC) NFT with a current minimum price of 16 ETH ($25,000), and multiple other NFTs were mined from Alex's wallet. The attackers then moved the funds through multiple wallets before exchanging them for unknown cryptocurrencies on a decentralized exchange (DEX) called FixedFloat.

Last night my entire digital livelihood was violated.

Every account connected to me both personally and professionally was hacked and used to hurt others.

Less importantly, I lost a life changing amount of my net worth — NFT God (@NFT_GOD) January 15, 2023

A Costly Mistake

Despite his technical knowledge and skills, Alex made a critical mistake while setting up his Ledger account.

He had not purchased any new NFTs in months and had no plans to do so in the near future, so he decided to hold off on buying another cold Ledger wallet. This oversight allowed hackers to take control of his crypto and NFTs through a malware attack.

"Every channel I have with my community, friends, and family was compromised over the last 24 hours. My Twitter, Substack, Gmail, Discord, and wallets were all invaded and taken over by bad actors," Alex wrote in a tweet. He went on to explain that he entered his seed phrase in a way that no longer kept it "cold" or offline, and that he knew he had made a critical mistake, which facilitated the wallet attack and gave the hackers access to his NFTs and cryptocurrencies.

A Growing Concern

Regrettably, this is not the first instance in which the cryptocurrency community has been confronted with malware designed to steal digital assets through Google Ads. A report by cybersecurity enterprise Cyble in January 12th warned of a malware known as "Rhadamanthys Stealer" which was being disseminated through Google Ads on highly convincing phishing websites. In October, the CEO of Binance, Changpeng “CZ” Zhao, alerted that Google search results were proliferating phishing and scam websites.

Google has declared in its help center that it works actively with reliable advertisers and partners to prevent malware in advertisements and employs its own technology and tools to detect malware in regular scans of Google ads.

Despite these measures, the issue persists and underscores the importance of users exercising caution when clicking on sponsored ads and verifying the authenticity of the website before downloading software or providing personal information.