NFTs Worth Over $27,000 Stolen Via Malware Wrapped in Google Ads, Victim Loses Life Savings
NFTs worth nearly $30,000 (roughly Rs. 24 lakh) have reportedly been stolen from an NFT influencer who goes by the pseudonym ‘NFT God’ on Twitter. The influencer has claimed that his wallet full of digital collectibles was drained in a hack after he engaged with a sponsored advertisement on Google’s search engine that imitated the open-source video streaming software he was searching for in the first place.
Along with the costliest Mutant Ape Yacht Club (MAYC) NFT, a bunch of other NFTs amounting to ETH 19, or over Rs. 24 lakh, have been reported stolen, as per Etherscan.
The verified Twitter account of ‘NFT God’, which has over 91,000 followers, mostly from the crypto community, posted about the incident to warn others against being scammed.
“My Twitter was hacked. I pop open the OpenSea bookmark of my ape and there it is. A completely different wallet listed as the owner. I knew at that moment it was all gone. Everything. All my crypto and NFTs ripped from me,” the influencer tweeted.
Last night my entire digital livelihood was violated.
Every account connected to me both personally and professionally was hacked and used to hurt others.
Less importantly, I lost a life changing amount of my net worth
— NFT God (@NFT_GOD) January 15, 2023
The hack took place on January 15, according to the influencer.
Last week, cybersecurity firm Cyble had sounded a warning about malware that was hunting for phishing victims via Google ads. The company dubbed this malware “Rhadamanthys Stealer”.
“Rhadamanthys stealer spreads by using Google Ads that redirect the user to phishing websites that mimic popular software such as Zoom, AnyDesk etc. It can also spread via spam email containing an attachment for delivering the malicious payload. The TAs behind this campaign also created a highly convincing phishing webpage impersonating legitimate websites to trick users into downloading the stealer malware. The link to these phishing websites spreads through Google ads,” Cyble had said in its report. Google is yet to issue a statement related to the claims of the NFT influencer.
While sharing details of his ordeal with his followers on Twitter, the victim claimed that he made an error while setting up his Ledger account on his new computer, which may have given the hacker access to his social networking accounts and digital wallets.
“I go to set up my Ledger with it and I make a critical mistake. I set it up as a hot wallet instead of a cold wallet,” he noted.
Hot wallets are connected to the Internet, which makes them more susceptible to hacking attempts, whereas cold wallets store crypto tokens offline. The drawback of cold wallets is that they could be lost or damaged by their holders.
As per a CoinTelegraph report, most of the stolen ETH was sent to a decentralised exchange called FixedFloat via multiple wallets.
This is not the first instance where Google ads have been used in conjunction with phishing malware. In October 2022, Binance CEO Changpeng Zhao had also warned crypto investors against malicious actors targeting them via Google.
Google displays phishing sites when users search CMC. This affects users adding smart contract addresses to MetaMask using these phishing sites. We are trying to contact Google for this, and in the meantime alerting users about this through social channels. pic.twitter.com/3q4860Jl4H
— CZ 🔶 Binance (@cz_binance) October 27, 2022
In September, Google Play Store analytics had revealed that two apps, Mister Phone Cleaner and Kylhavy Mobile Security, were infected with malware called SharkBot, which was capable of stealing cookies from accounts while bypassing authentication methods that require user input, such as fingerprints.