Malware provided by Google Ads drains an NFT influencer’s whole cryptocurrency wallet. A Google Ads link housed malware that stole thousands of dollars in crypto and NFTs from an influencer’s wallet.

An NFT influencer says they lost “a life-changing sum” of their net worth in nonfungible tokens (NFTs) and cryptocurrency after installing malicious malware from a Google Ad search result.

On January 14, the pseudo-anonymous Twitter influencer known as “NFT God” issued a series of tweets outlining how his “entire digital life” was attacked, including a hack of his crypto wallet and several internet identities.

Last night my entire digital livelihood was violated.

Every account connected to me both personally and professionally was hacked and used to hurt others.

Less importantly, I lost a life changing amount of my net worth

— NFT God (@NFT_GOD) January 15, 2023

NFT God, also known as “Alex,” said he downloaded OBS, an open-source video streaming program, using Google’s search engine. Instead of going to the official website, he went to sponsored advertising for what he assumed was the same item.

It wasn’t until hours later, following a series of phishing tweets from attackers on two Twitter accounts Alex manages, that he recognized malware had been downloaded with the software he sought from the sponsored advertising.

Alex discovered his crypto wallet had been compromised after receiving a message from a friend. Attackers broke into his Substack account the next day and sent phishing emails to his 16,000 subscribers.

Then I get the DM I've been dreading. "Dude you WETH'd your ape?"

I pop open the Opensea bookmark of my ape and there it is. A completely different wallet listed as the owner.

I knew at that moment it was all gone. Everything. All my crypto and NFTs ripped from me

— NFT God (@NFT_GOD) January 15, 2023

According to blockchain statistics, at least 19 Ether worth approximately $27,000 at the time, a Mutant Ape Yacht Club NFT with a current price of 16 ETH ($25,000), and several other NFTs were drained from Alex’s wallet.

Most of the ETH was transferred via various wallets before being sent to FixedFloat, where it was exchanged for unknown crypto.

The “key error” that permitted the wallet breach, according to Alex, was setting up his hardware wallet as a hot wallet by inputting its seed phrase “in a way that no longer kept it cold” or offline, allowing the hackers to get control of his crypto and NFTs.

Unfortunately, NFT God’s incident is not the first time the crypto community has seen cryptocurrency-stealing malware in Google Ads.

According to a January 12 investigation from cybersecurity firm Cyble, an information-stealing virus known as “Rhadamanthys Stealer” is spreading via Google Ads on “very convincing phishing webpage[s].”

Binance CEO Changpeng “CZ” Zhao warned in October that Google search results were boosting cryptocurrency phishing and scamming websites.