JAKARTA – An NFT influencer claims to have lost a "life-changing amount" of their net worth in non-fungible tokens (NFT) and crypto after accidentally downloading malicious software found via Google Ads search results.

The pseudo-anonymous influencer known on Twitter as "NFT God" posted a series of tweets on Jan. 14 describing how his "entire digital livelihood" was attacked including the compromise of crypto wallets and several online accounts.

NFT God, also known as "Alex," said he used the Google search engine to download OBS, an open-source video streaming software. But instead of clicking on the official website, he clicks on the sponsored ad because he thinks the same thing.

It wasn't until hours later, after a series of phishing tweets posted by attackers on two Twitter accounts Alex operated — that he realized that the malware was downloaded from a sponsored ad alongside the software he wanted.

Following a message from an acquaintance, Alex notices that his crypto wallet has also been compromised. The next day, attackers broke into his Substack account and sent phishing emails to his 16.000 customers.

Blockchain data shows that at least 19 Ether was worth nearly USD 27.000 at the time, the Mutant Ape Yacht Club (MAYC) NFT at its current base price of 16 ETH ($25.000/IDR 362 million), and several other NFTs siphoned from Alex's wallet.

The attacker moved most of the ETH through several wallets before sending it to the FixedFloat decentralized exchange (DEX), where ETH is exchanged for an unknown cryptocurrency.

Alex believes that the "critical mistake" that allowed wallet hacking was setting up his hardware wallet as a hot wallet by entering the initial phrase "in a way that it no longer cools," or offline, which allowed the hacker to gain control of his crypto and NFTs.

Unfortunately, the NFT God experience isn't the first time the crypto community has dealt with crypto-stealing malware on Google Ads.

A Jan. 12 report from cybersecurity firm Cyble warned about information-stealing malware called "Rhadamanthys Stealer" that spreads via Google Ads on "highly convincing phishing web pages".

In October, Binance CEO Changpeng “CZ” Zhao warned that Google search results are promoting crypto phishing and scam sites.

Cointelegraph reached out to Google for comment but did not receive a response. However, in its help center, Google says it is "actively working with trusted advertisers and partners to help prevent malware in ads".

They also describe using "proprietary technology and malware detection tools" to scan Google Ads regularly.

Cointelegraph was unable to replicate Alex's search results or verify whether the malicious website was still active or not.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)