- Trending
- Comments
- Latest
Scammers stole at least $400,000 from DeFi users by purchasing sponsored Google Search ads that impersonated Uniswap, placing fraudulent websites above the legitimate exchange in search results and tricking users into connecting their wallets.
According to analysts and security researchers, the phishing campaign used sponsored search results to lure victims into connecting wallets to fraudulent websites designed to drain digital assets.
According to a report published by Cointelegraph, on-chain analyst “b-block” identified malicious websites masquerading as Uniswap pages that were actively stealing user funds.
The analyst said wallets linked to the attackers were holding at least $400,000 connected to the operation.
The phishing sites reportedly appeared in Google Search as sponsored advertisements, giving them premium placement above legitimate search results.
Users searching for Uniswap were redirected to near-identical clones of the authentic platform, where malicious wallet approvals enabled attackers to siphon funds.
Stacy Muur, founder of Web3 marketing agency Green Dots, shared screenshots of the fraudulent advertisements and criticized the persistence of crypto-related phishing ads on major search engines.
“It’s insane that Google has ignored this issue for years while fake links keep getting pushed above real ones and users keep getting drained.” Stacy Muur, Founder, Green Dots.
Blockchain data referenced in the report showed two flagged wallet addresses containing a combined 146 ETH, valued at approximately $306,000 at the time of publication.
The crypto security nonprofit Security Alliance (SEAL) warned earlier this year that phishing campaigns using Google advertisements have accelerated significantly.
In an April report cited by Cointelegraph, SEAL said attackers are either paying directly for ads or compromising legitimate advertiser accounts to promote fake crypto platforms.
According to SEAL, threat actors deliberately outbid legitimate crypto firms to secure top placement in Google’s Sponsored section, increasing the likelihood that unsuspecting users click malicious links before finding official websites.
SEAL said it blocked more than 356 malicious advertisement links over the past year, describing the activity as a sustained and organized campaign targeting crypto users.
Between March 13 and March 30 alone, phishing attacks tied to fake crypto ads reportedly resulted in $1.27 million in losses. The organization also explained how attackers bypass Google’s automated ad review systems.
Fraudulent campaigns reportedly use legitimate-looking URLs and hidden secondary iframes that remain invisible during Google’s detection process.
Once users click through, traffic is rerouted through attacker-controlled infrastructure hosting fake crypto interfaces.
The latest incident has intensified criticism of major technology platforms over their handling of crypto-related scam advertisements.
Researchers and crypto users have repeatedly warned that phishing campaigns exploiting trusted brands remain widespread across search engines and social media platforms.
DeFi analytics platform DeFiLlama described fake Google advertisements as a “common source of phishing attacks,” reinforcing concerns that the problem extends beyond a single incident.
Cybersecurity firm Malwarebytes has also documented similar schemes on Facebook involving fake software advertisements and credential-stealing malware.
Cointelegraph noted that attackers recently abused Google Ads and even legitimate AI chatbot-related links in broader “malvertising” campaigns targeting users.
The persistence of phishing campaigns is particularly concerning for retail investors entering decentralized finance markets during periods of heightened trading activity.
Sponsored search results often appear trustworthy to less experienced users, making phishing ads one of the most effective attack vectors in crypto.
Security researchers continue to advise crypto investors to avoid clicking sponsored links when accessing exchanges, wallets, or decentralized applications.
Instead, users are encouraged to rely on bookmarked official websites, verify URLs carefully, and review wallet transaction permissions before signing approvals.
The incident shows a broader challenge facing the crypto industry as phishing operations become increasingly sophisticated while leveraging mainstream advertising infrastructure.
For investors and DeFi traders, the latest Uniswap-related scam serves as another reminder that convenience and visibility in search results do not guarantee legitimacy.
Copyright © 2025 - The Bit Gazette.
