Malware offered by Google Ads depletes crypto wallets of NFT influencers


  • After his friend’s call, Alex finds his entire crypto wallet has also been compromised.
  • NFT God’s entire digital livelihood had been hacked.
  • After moving the ETH through multiple wallets, the attacker exchanged it for unknown coins before transferring the bulk to FixedFloat.

An NFT influencer claims that they lost “a life-changing sum” of their net worth in NFTs and cryptocurrency after unintentionally installing malicious software they got from a Google Ad Search result. 

On January 14, a Twitter user going by the handle “NFT God” published a series of tweets explaining how his “entire digital livelihood,” including his cryptocurrency wallet and numerous online accounts, had been compromised.

The open-source streaming video program OBS was allegedly installed by NFT God, also known as “Alex,” using the Google search engine. After attackers sent out a series of spam tweets on two Twitter accounts that Alex managed, it wasn’t until hours later that he learned it had also downloaded malware from the sponsored ads and the software he needed.

The Mutant Ape Yacht Club (MAYC) NFT has a floor price of 16 ETH ($25,000) right now, and several other NFTs were stolen from Alex’s wallet, according to blockchain data. After receiving a message, Alex realized his cryptocurrency wallet had also been seized. The day after they had accessed his Substack account, hackers sent him fake emails.

The attacker sent the ETH through multiple wallets and exchanged it for unidentified coins before sending the bulk to FixedFloat, a decentralized exchange (DEX). By inputting Alex’s seed phrase “in a way that no longer kept the wallet cold” or offline, a hacker could take control of his cryptocurrency and NFTs.

An information-stealing virus named “Rhadamanthys Stealer” was spreading through Google Ads on “compelling phishing webpage[s],” according to a January 12 report from cybersecurity company Cyble.

Changpeng “CZ” Zhao, the CEO of Binance, claimed that in October, Google search results promoted cryptocurrency fraud and scam websites.

According to Google, the company actively collaborates with reputable advertisers and partners “to help prevent malware in advertisements.”