An NFT influencer with the Twitter handle @NFT_GOD says a malware attack delivered through Google Ads cost him thousands of dollars' worth of non-fungible tokens (NFTs) and cryptocurrency. Alex, also known as NFT God, recounted on Twitter on January 14 how his “entire livelihood was violated.” In the thread, he detailed how he unintentionally downloaded malicious software from a Google Ad, which led to the compromise of his online accounts, including Twitter, Substack, Gmail, and Discord, as well as his cryptocurrency wallet.
This should not be shocking, given the history of attackers using Google Ads to distribute malware through Google search results. In February 2018, hackers successfully obtained over $50 million in Bitcoin by purchasing the top spot in Google search results using Google Ads. The pseudonymous influencer has more than 80,000 followers on Twitter, while his Substack subscribers number in the thousands.
Alex said that he searched Google for OBS, an open-source video streaming program, in order to download it. Rather than visiting the official website to get the software, he clicked a sponsored advertisement for what he thought was the same thing. After learning about the string of phishing tweets sent from his two Twitter accounts, Alex concluded that the software he had installed had downloaded malware.
Blockchain data shows that he lost several NFTs, a Mutant Ape Yacht Club (MAYC) NFT with a floor price of 16 ETH ($25,000), and at least 19 Ether, valued at close to $27,000 at the time. The attacker moved most of the ETH through many wallets before sending it to the decentralized exchange (DEX) FixedFloat, where it was exchanged for unidentified coins.
Alex thinks that the hackers were able to access his cryptocurrency and NFTs because of a “critical mistake” he made: he set up his hardware wallet as a hot wallet by inputting its seed phrase “in a way that no longer kept it cold,” or offline. With access to his crypto wallet and Substack account, the hackers also sent phishing emails to the 16,000 subscribers on his account, jeopardizing the trust he had established with his community. Google’s lack of security and oversight is also a concern.