A malware link in a Google contextual ad helped a hacker break into an NFT collector’s social media accounts, steal his assets, and send out phishing messages to all his followers.
The NFT collector, known on Twitter as NFT God, reported that his social media and crypto-assets were hacked. This happened after he downloaded malware using a link found via Google Ads.
NFT God said he used Google to search for Open Broadcaster Software (OBS), an open-source video recording and streaming program. But instead of downloading the software from the OBS official website, he used a link from Google Ads, which showed up in the search results.
Using the malware that NFT God had downloaded, the hacker broke into his Twitter account and started sending out phishing emails on his behalf. Later, all of NFT God’s followers began receiving similar messages via the Substack service, which the hacker also compromised.
Only a day later, the user noticed that his crypto wallet had also been hacked. NFT God claimed that the hacker managed to steal several NFTs, including a token from the Mutant Ape Yacht Club (MAYC) collection worth 16 ETH (~$25,000) and crypto worth ~$27,000.
On-chain analysis showed that the attacker transferred the stolen funds to several wallets, withdrew them to the FixedFloat DEX, and exchanged them for other cryptocurrencies.
Using malware to steal crypto was one of the most common hacking methods in 2022. Because of these and other attacks, the crypto industry lost almost $4 billion last year.