The nascent crypto recovery of January 2023 brought more than just rising prices — it also served as a stark reminder that the digital asset space remains a minefield of security threats. On January 15, prominent NFT influencer Alex Finn, known online as NFT God, revealed that his entire crypto wallet had been drained after falling victim to a sophisticated phishing attack delivered through Google Ads.
TL;DR
- NFT influencer Alex Finn (NFT God) lost his entire crypto wallet and NFT collection on January 15, 2023
- The attack was delivered through a malicious Google Ads-sponsored link masquerading as OBS streaming software
- Finn publicly acknowledged the loss: “All my crypto and NFTs ripped from me”
- The incident highlights persistent vulnerabilities in the NFT and broader crypto ecosystem
- Google Ads continue to be exploited as a vector for crypto-targeted malware distribution
The Attack: How It Unfolded
According to Finn’s own account shared on social media, the ordeal began with a seemingly routine action. While attempting to download OBS (Open Broadcaster Software), a popular streaming application, he clicked on what appeared to be a legitimate sponsored advertisement on Google. The link, however, was a carefully crafted trap.
The sponsored Google ad led to a lookalike website hosting malware designed specifically to compromise cryptocurrency wallets. Once the malicious software was installed, it systematically drained Finn’s holdings — including cryptocurrencies and his entire NFT collection.
“All my crypto and NFTs ripped from me,” Finn wrote on January 15, 2023, in a post that quickly gained traction across the crypto community. The hackers did not stop at simply transferring assets; reports indicated they also used his compromised accounts to send additional phishing links to his followers, amplifying the attack vector.
Google Ads: A Persistent Threat Vector
The use of Google Ads as a delivery mechanism for crypto-targeting malware is not new, but it remains alarmingly effective. Bad actors purchase sponsored placements for high-traffic search terms related to popular software downloads, cryptocurrency platforms, and Web3 tools. These ads appear at the top of search results, often indistinguishable from legitimate links to casual observers.
Once a user clicks the ad and downloads what they believe to be legitimate software, the malware — typically a clipboard hijacker, keylogger, or wallet drainer — goes to work. In Finn’s case, the malware was sophisticated enough to access and drain his entire wallet in what appears to have been a single coordinated sweep.
The Broader NFT Security Landscape
The timing of the attack was particularly painful. The crypto market was experiencing its first meaningful rally since the catastrophic collapse of FTX in November 2022. Bitcoin had surged above $20,880, and Ethereum was trading around $1,552, with both assets posting weekly gains exceeding 20%. The overall crypto market cap had reclaimed the $1 trillion milestone.
For NFT holders, the recovery was especially welcome after months of declining floor prices and waning interest. But Finn’s experience illustrated a cruel irony: even as the market recovered, security vulnerabilities could erase years of accumulation in seconds.
The NFT space has been particularly vulnerable to these types of attacks due to the high value concentrated in individual wallets and the irreversible nature of blockchain transactions. Once an NFT or cryptocurrency is transferred out of a wallet, recovery is virtually impossible without the cooperation of the recipient — an unlikely scenario when the recipient is a malicious actor.
Lessons and Industry Response
Finn’s public disclosure was widely praised as a cautionary tale that could help prevent similar attacks. The crypto community rallied around the incident, using it as a teaching moment about the importance of verifying download sources, using hardware wallets for significant holdings, and maintaining skepticism toward sponsored advertisements.
The incident also renewed calls for Google to implement stricter vetting processes for cryptocurrency-related advertisements. While the search giant has taken steps to regulate crypto ads, bad actors continue to find ways to slip malicious campaigns through the cracks, often by advertising seemingly unrelated software that contains hidden crypto-targeting payloads.
Why This Matters
The NFT God hack is not an isolated incident — it is representative of a systemic vulnerability in the way users interact with Web3 tools and services. As long as centralized advertising platforms can be weaponized to distribute wallet-draining malware, no amount of blockchain innovation will protect users from the human element of social engineering. The January 2023 attack serves as a permanent reminder: in crypto, your security is only as strong as your most careless click.
Disclaimer: This article is for informational purposes only and does not constitute financial or security advice. Always verify software download sources and consider using hardware wallets for storing significant digital asset holdings.
a google sponsored link took out his whole wallet. and people still keep funds on hot wallets smh
bro clicked a google ad to download obs. rule #1 of crypto: never click sponsored links for anything ever
The part about hackers using his accounts to send phishing links to his followers is the worst. Double victim impact.
Google needs to be held liable for this stuff. They take the ad money and wash their hands. Been happening since 2017 at least.