Uniswap Phishing Scams on Google Ads Drain Over $400K From Crypto Wallets

Highlights:

• Uniswap phishing scams drained over $400,000 after attackers used fake Google-sponsored advertisements.
• Attackers placed phishing crypto websites above official search results to trick users into approving transactions.
• Security researchers linked Google advertisements to the rising crypto wallet draining attacks across DeFi platforms.

Scammers used fake Google advertisements impersonating Uniswap and stole more than $400,000 from crypto wallet holders, according to on-chain analyst “b-block”. The analyst said a fake Uniswap website drained funds from several users through sponsored Google search advertisements.

Advertisement

Scammers Steal at Least $400K Through Fake Uniswap Google Ads

On-chain analyst b-block warned that fake Google ads impersonating Uniswap are stealing user funds, with attackers having obtained at least $400,000 so far. Stacy Muur, founder of Web3 marketing agency Green Dots,… pic.twitter.com/QPfjtV0oUi

— Wu Blockchain (@WuBlockchain) May 26, 2026

b-block shared two attacker wallet addresses connected to the Uniswap phishing operation. Etherscan data showed the two attacker wallets held 146 ETH worth nearly $306,000 during reporting.

Stacy Muur, founder of Web3 marketing agency Green Dots, said sponsored Google advertisements placed fake Uniswap links above legitimate search results. She shared a screenshot showing the fake Uniswap advertisement appearing in Google’s sponsored search section.

Two scammers have already stolen ~$400,000 from users through a phishing @Uniswap ad on Google.

It’s insane that Google has ignored this issue for years while fake links keep getting pushed above real ones and users keep getting drained.

This is the first result that popped out… https://t.co/Ov488s9DIl pic.twitter.com/qStRGq8qTE

— Stacy Muur (@stacy_muur) May 25, 2026

Muur criticized Google after fake sponsored Uniswap links drained funds from multiple crypto wallet holders. She said fake links continued appearing above legitimate websites while users lost crypto assets. The phishing website copied Uniswap’s interface and branding to trick users into connecting their crypto wallets. Users unknowingly approved malicious wallet transactions after opening the cloned website.

The attackers stole funds without accessing the victims’ private wallet keys. Instead, they used malicious smart contract approvals that granted direct access to victims’ crypto wallets. Once victims approved the malicious transaction, scammers immediately transferred crypto assets from connected wallets. Attackers placed fake crypto websites in the top sponsored Google search positions to increase wallet phishing success.

Uniswap Phishing Scams Exploit Sponsored Search Rankings

Security Alliance, also known as SEAL, reported a sharp increase in crypto phishing advertisements across Google Search during March. SEAL said attackers either purchased Google advertisements directly or hijacked verified advertiser accounts to spread phishing links.

SEAL said scammers frequently outbid legitimate crypto companies to place phishing advertisements above official websites on Google Search. Consequently, Google users searching for crypto platforms often open phishing websites before official protocol pages.

SEAL blocked more than 356 malicious Google advertisement links connected to crypto phishing campaigns during the past year. However, SEAL said attackers continued launching new crypto phishing advertisements every week.

SEAL revealed that attackers bypassed Google’s automated detection systems through hidden malicious website elements. The group said phishing pages displayed legitimate-looking URLs while hidden iframes loaded malicious wallet-draining payloads.

Victims who opened the phishing websites saw cloned crypto interfaces that closely matched official Uniswap and Aave platforms. Meanwhile, attacker-controlled servers secretly routed wallet traffic through phishing systems that intercepted user approvals.

SEAL estimated that crypto phishing campaigns tied to Google advertisements stole roughly $1.27 million between March 13 and March 30. Attackers also used Punycode domains that closely resembled legitimate crypto protocol websites to deceive wallet holders.

Earlier DeFi Advertisement Campaigns Exposed Similar Wallet Risks

Google advertisements promoted several crypto phishing websites that targeted DeFi users during the past year. Earlier reports showed that scammers used fake Google Ads for Uniswap to target high-value DeFi investors. Scam Sniffer previously reported that one DeFi user lost more than $1.23 million in Uniswap NFTs through a fake Google advertisement. The victim signed a malicious wallet transaction after opening a cloned Uniswap website promoted through Google advertisements.

🚨 ALERT: Someone lost $1.23M worth of Uniswap V3 Position NFTs after signing a phishing transaction. 💸 pic.twitter.com/nHcFWMNvdn

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) July 21, 2025

The phishing website executed unlimited token approval permissions through a malicious smart contract after the victim connected a wallet. As a result, attackers transferred the victim’s Uniswap NFT assets within minutes of the wallet approval.

Crypto phishing campaigns recently expanded beyond Uniswap and started targeting Aave users through fake Google advertisements. Blockchain security firm PeckShield Alert warned crypto users about fake Aave advertisements appearing in Google-sponsored search results. The fake Aave websites tricked users into approving malicious wallet transactions that transferred control to attackers. Attackers later drained crypto assets from connected wallets after receiving transaction approvals.

Advertisement