The nascent crypto recovery of January 2023 brought more than just rising prices — it also served as a stark reminder that the digital asset space remains a minefield of security threats. On January 15, prominent NFT influencer Alex Finn, known online as NFT God, revealed that his entire crypto wallet had been drained after falling victim to a sophisticated phishing attack delivered through Google Ads.
TL;DR
- NFT influencer Alex Finn (NFT God) lost his entire crypto wallet and NFT collection on January 15, 2023
- The attack was delivered through a malicious Google Ads-sponsored link masquerading as OBS streaming software
- Finn publicly acknowledged the loss: “All my crypto and NFTs ripped from me”
- The incident highlights persistent vulnerabilities in the NFT and broader crypto ecosystem
- Google Ads continue to be exploited as a vector for crypto-targeted malware distribution
The Attack: How It Unfolded
According to Finn’s own account shared on social media, the ordeal began with a seemingly routine action. While attempting to download OBS (Open Broadcaster Software), a popular streaming application, he clicked on what appeared to be a legitimate sponsored advertisement on Google. The link, however, was a carefully crafted trap.
The sponsored Google ad led to a lookalike website hosting malware designed specifically to compromise cryptocurrency wallets. Once the malicious software was installed, it systematically drained Finn’s holdings — including cryptocurrencies and his entire NFT collection.
“All my crypto and NFTs ripped from me,” Finn wrote on January 15, 2023, in a post that quickly gained traction across the crypto community. The hackers did not stop at simply transferring assets; reports indicated they also used his compromised accounts to send additional phishing links to his followers, amplifying the attack vector.
Google Ads: A Persistent Threat Vector
The use of Google Ads as a delivery mechanism for crypto-targeting malware is not new, but it remains alarmingly effective. Bad actors purchase sponsored placements for high-traffic search terms related to popular software downloads, cryptocurrency platforms, and Web3 tools. These ads appear at the top of search results, often indistinguishable from legitimate links to casual observers.
Once a user clicks the ad and downloads what they believe to be legitimate software, the malware — typically a clipboard hijacker, keylogger, or wallet drainer — goes to work. In Finn’s case, the malware was sophisticated enough to access and drain his entire wallet in what appears to have been a single coordinated sweep.
The Broader NFT Security Landscape
The timing of the attack was particularly painful. The crypto market was experiencing its first meaningful rally since the catastrophic collapse of FTX in November 2022. Bitcoin had surged above $20,880, and Ethereum was trading around $1,552, with both assets posting weekly gains exceeding 20%. The overall crypto market cap had reclaimed the $1 trillion milestone.
For NFT holders, the recovery was especially welcome after months of declining floor prices and waning interest. But Finn’s experience illustrated a cruel irony: even as the market recovered, security vulnerabilities could erase years of accumulation in seconds.
The NFT space has been particularly vulnerable to these types of attacks due to the high value concentrated in individual wallets and the irreversible nature of blockchain transactions. Once an NFT or cryptocurrency is transferred out of a wallet, recovery is virtually impossible without the cooperation of the recipient — an unlikely scenario when the recipient is a malicious actor.
Lessons and Industry Response
Finn’s public disclosure was widely praised as a cautionary tale that could help prevent similar attacks. The crypto community rallied around the incident, using it as a teaching moment about the importance of verifying download sources, using hardware wallets for significant holdings, and maintaining skepticism toward sponsored advertisements.
The incident also renewed calls for Google to implement stricter vetting processes for cryptocurrency-related advertisements. While the search giant has taken steps to regulate crypto ads, bad actors continue to find ways to slip malicious campaigns through the cracks, often by advertising seemingly unrelated software that contains hidden crypto-targeting payloads.
Why This Matters
The NFT God hack is not an isolated incident — it is representative of a systemic vulnerability in the way users interact with Web3 tools and services. As long as centralized advertising platforms can be weaponized to distribute wallet-draining malware, no amount of blockchain innovation will protect users from the human element of social engineering. The January 2023 attack serves as a permanent reminder: in crypto, your security is only as strong as your most careless click.
Disclaimer: This article is for informational purposes only and does not constitute financial or security advice. Always verify software download sources and consider using hardware wallets for storing significant digital asset holdings.
google ads as an attack vector in 2023 is embarrassing. google makes billions and cannot verify that an OBS ad links to actual OBS
the craziest part is he knew about crypto scams and still clicked a sponsored link. one moment of carelessness and everything is gone
he was live streaming when it happened too. his viewers watched the wallet drain in real time. absolutely brutal
live streaming while your wallet drains is nightmare fuel. the viewers could see the transactions happening and couldnt do anything
stream_sniper_ is right. his viewers watched the wallet drain tx confirm in real time on the stream. nobody could do anything. thats straight up trauma
knowing about scams and still getting hit proves that one tired moment undoes years of security awareness. happens to the best
google verified advertiser program and this still slipped through. imagine what unverified ads look like
the fake OBS download URL was off by one character from the real one. google verified the advertiser and still served malware as a sponsored link. beyond embarrassing
google made billions in ad revenue in 2023 and couldnt verify that an OBS sponsor link pointed to the actual OBS download. one character off and they cashed the check anyway
this is why you keep your NFTs on a hardware wallet, not in a hot wallet connected to your browser. nft god learned the hardest way possible
sponsored link for OBS that was actually malware. the download URL was off by one character. always check the URL bar people