How a popular NFT influencer lost life-changing money to a scam

How a popular NFT influencer lost life-changing money to a scam

Fraudulent companies are increasingly targeting the Google Ads platform to distribute malware to unsuspecting users searching for popular software products. A pseudonymous NFT user, “NFT God,” is the latest victim of such a scam.

They stated that this had violated their “entire digital livelihood”.

Losing a life-changing amount

It all started when the popular NFT influencer downloaded OBS on his personal desktop computer. They ended up clicking on a sponsored ad instead of the official website.

Only after attackers posted phishing tweets on both of their Twitter accounts did NFT God realize that malware was at play.

In a series of Tweets, the user said that both personal and professional accounts - Twitter, Substack, Gmail, Discord and Wallets - were hacked, resulting in the loss of a "life-changing amount" of their net worth. The attackers even sent phishing emails to thousands of his subscribers on the Substack account.

"My Substack means more to me than anything else in my life that isn't human. It's where I create my deeply personal work. It's where I built my community. It's the personal accomplishment I'm most proud of in my life. It was now in danger of being destroyed. The hackers sent 2 emails with hacked links to my 16,000 closest fans. Trust I'd worked to build for over a year was gone. Losing some of my net worth is nothing compared to losing the trust of my community.”

According to blockchain data, at least 19 ETH along with several other NFTs including a Mutant Ape Yacht Club (MAYC) were stolen from this wallet by the attackers. Most Ether funds were transferred to multiple wallets before being moved to a decentralized exchange called FixedFloat and exchanged for various digital assets.

NFT God believes the only critical mistake was entering the seed phrase into one technology “in a way that no longer kept it cold,” which led to the demise of another. They said that while not purchasing a cold wallet is a “fatal mistake,” that alone does not constitute digital security. It is equally important to be careful in all activities on the Internet.

Google Ads abuse

Google Ads essentially helps advertisers promote pages on Google Search. Anyone without an active ad blocker will see the promotion first. If Google detects a website as malicious, it blocks the campaign and removes the ads. Because of this, attackers have resorted to a more sophisticated technique to bypass Google's policy enforcers and automated reviews.

A recent report from Guardio Labs states that the malicious sponsored ad link takes victims to a harmless website before redirecting them to a Trojanized version masquerading as legitimate.

The fraudulent website then leads the victim to the malicious payload. The threat actors are reportedly luring users to download fraudulent versions of several prominent projects. While users receive what they download, the malware installs silently.

Antivirus programs running on the victim's computers do not issue any warning as the payload is mostly downloaded from reputable file sharing and code hosting services such as GitHub, Dropbox, etc.

.