1. Home
  2. Crypto stolen

Crypto stolen

Google Ads-delivered malware drains NFT influencer’s entire crypto wallet

A sponsored advertising link on Google hid malware that siphoned thousands of dollars worth of crypto and NFTs from an influencer’s wallet.

An NFT influencer claims to have lost “a life-changing amount” of their net worth in nonfungible tokens (NFTs) and crypto after accidentally downloading malicious software found via a Google Ad search result.

The pseudo-anonymous influencer known on Twitter as “NFT God” posted a series of tweets on Jan. 14 describing how his “entire digital livelihood” came under attack including a compromise of his crypto wallet and multiple online accounts.

NFT God, known also as “Alex,” said he used Google's search engine to download OBS, an open-source video streaming software. But instead of clicking on the official website, he clicked the sponsored advertisement for what he thought was the same thing. 

It wasn’t until hours later — after a series of phishing tweets posted by attackers on two Twitter accounts that Alex operates — that he realized malware was downloaded from the sponsored advertisement alongside the software he wanted.

Following a message from an acquaintance, Alex noticed his crypto wallet was also compromised. The next day, attackers breached his Substack account and sent phishing emails to his 16,000 subscribers.

Blockchain data shows that at least 19 Ether (ETH) worth nearly $27,000 at the time, a Mutant Ape Yacht Club (MAYC) NFT with a current floor price of 16 ETH ($25,000), and multiple other NFTs were siphoned from Alex’s wallet.

The attacker moved most of the ETH through multiple wallets before sending it to the decentralized exchange (DEX) FixedFloat, where it was swapped for unknown cryptocurrencies.

Alex believes the “critical mistake” that allowed the wallet hack was setting up his hardware wallet as a hot wallet by entering its seed phrase “in a way that no longer kept it cold,” or offline, which allowed the hackers to gain control of his crypto and NFTs.

Related: Navigating the World of Crypto: Tips for Avoiding Scams

Unfortunately, NFT God’s experience isn’t the first time the crypto community has dealt with crypto-stealing malware in Google Ads.

A Jan. 12 report from cybersecurity firm Cyble warned of an information-stealing malware called “Rhadamanthys Stealer” spreading through Google Ads on “highly convincing phishing webpage[s].”

In October, Binance CEO Changpeng “CZ” Zhao warned that Google search results were promoting crypto phishing and scamming websites.

Cointelegraph contacted Google for comment but did not receive a response. In its help center, however, Google said it “actively works with trusted advertisers and partners to help prevent malware in ads.”

It also describes its use of “proprietary technology and malware detection tools” to regularly scan Google Ads.

Cointelegraph was unable to replicate the results of Alex’s search nor verify if the malicious website was still active.

Bitcoin ETFs surpass gold ETFs in AUM

$62M crypto stolen in Dec was the ‘lowest monthly figure’ in 2022: CertiK

December proved to be the month with the least crypto stolen in 2022, although there were still 23 major incidents, according to CertiK.

Cryptocurrency hackers and exploiters seemingly slowed down for the 2022 holidays as December saw $62.2 million worth of cryptocurrencies stolen, the “lowest monthly figure” of the year, according to CertiK.

The blockchain security company on Dec. 31 tweeted a list of the month's most significant attacks. It highlighted the $15.5 million worth of exit scams as the method that stole the most value over the month, followed by the $7.6 million worth of flash loan-based exploits.

A later tweet on Jan. 1 confirmed that the 23 largest exploits were responsible for around 98.5% of the $62.2 million figure, with the $15 million Helio Protocol incident on Dec. 2 the largest of the month.

The protocol, which manages the stablecoin HAY (HAY), suffered a loss when a trader took advantage of a price discrepancy in Ankr Reward Bearing Staked BNB (aBNBc) to borrow millions worth of HAY.

At the time, the decentralized finance (DeFi) protocol Ankr suffered a separate exploit where an attacker minted 20 trillion aBNBc, causing its price to plummet. The Helio trader quickly deposited aBNBc tokens to borrow 16 million HAY, causing the loan to be significantly undercollateralized, leading to the protocol's loss and a depeg of its stablecoin.

The second largest incident of the month was the $12.9 million exploits of Defrost Finance’s v1 and v2 protocols on Dec. 23, where an attacker carried out a flash loan attack by adding a fake collateral token and a malicious price oracle to liquidate the protocol.

Days after the exploit, the hacker returned the funds stolen from the v1 protocol to an address controlled by Defrost, though funds are yet to have been returned for the v2 hack.

CertiK labeled the exploit an “exit scam” due to the fact an admin key was required to conduct the attack. Defrost denied the allegations to Cointelegraph, claiming the key was compromised.

Related: Crypto’s recovery requires more aggressive solutions to fraud

The December figure is much lower than the month prior, seeing an 89.5% decrease from the $595 million worth of exploits across 36 major incidents CertiK recorded in November, a figure largely skewed by the $477 million hack of crypto exchange FTX.

Overall for 2022, just the largest 10 exploits of the year funneled around $2.1 billion to bad actors, largely on cross-blockchain bridges and DeFi protocols.

Bitcoin ETFs surpass gold ETFs in AUM

More than $1.6 billion exploited from DeFi so far in 2022

The amount exploited this year so far surpasses the total amount stolen in all of 2020 and 2021 combined, with the month of March alone beating 2020 by over $200 million.

The decentralized finance (DeFi) space has been rife with hacks, exploits, and scams so far this year with over $1.6 billion in crypto stolen from users, surpassing the total amount stolen in 2020 and 2021 combined.

Analysis from blockchain security firm CertiK revealed the statistics on May 2 showing the month of March having the most value stolen at $719.2 million, over $200 million more than what was stolen in all of 2020. The March figure is largely due to the Ronin Bridge exploit where attackers made off with over $600 million worth of crypto.

April was a busy month for attacks with CertiK recording 31 major incidents, an average of nearly one a day. The most valuable was the $182 million siphoned from Beanstalk Farms using a flash loan attack.

CertiK noted the nearly $80 million lost by Fei Protocol, the second most valuable heist last month, and the $10 million lost from automated market maker protocol Saddle Finance which both took place at the end of the month.

Both protocols took to Twitter to offer their respective attackers a bounty in exchange for returning the stolen funds. Whilst the chances of that happening may be slim, it’s not unheard of as the Poly Network hacker in 2021 returned nearly all of the $610 million stolen from the network along with refusing a $500,000 bounty reward.

CertiK said that April 2022 “holds the record for highest dollar amount losses in flash loan attacks ever recorded by us” with losses from that type of exploit reaching $301.4 million. In comparison, flash loan attack losses in January, February, and March 2022 combined were only $6.7 million.

Related: The biggest crypto heists of all time

The analysis of this year's DeFi exploits comes as the total value locked (TVL) in DeFi has dropped below $200 billion for the first time since March 16 according to DeFiLlama.

Between April 30 and May 1, TVL dropped by just over 3.5% to $195.87 billion, only slightly recovering to $199.42 billion today Tuesday, May 3. The last 30 days since April 3 have seen a 13.5% decrease in TVL and a nearly 22% decline since the all-time high of over $254 billion on December 2, 2021.

Bitcoin ETFs surpass gold ETFs in AUM

Report: $1.3 Billion in Crypto Stolen in Q1 2022, 97% Stemmed From Defi Exploits

Report: .3 Billion in Crypto Stolen in Q1 2022, 97% Stemmed From Defi ExploitsAccording to a research report, $1.3 billion in digital currencies have been stolen during the first quarter of 2022. The study, published by cryptomonday.de researchers, further highlights that 97% of the stolen funds derived from decentralized finance (defi) protocol exploits. Defi Exploits Account for Lion’s Share of Stolen Crypto This Year 2022 is already breaking […]

Bitcoin ETFs surpass gold ETFs in AUM