- Fake Google ads impersonating Uniswap drained more than $400,000 from crypto users.
- Attackers used sponsored search results and cloned Uniswap interfaces to trick users.
- One linked scam wallet reportedly held around 146 ETH worth more than $300,000.
Crypto users have lost at least $400,000 after clicking fake Google ads impersonating Uniswap, according to multiple security researchers tracking the campaign.
The attack used sponsored Google search results that redirected users to cloned Uniswap websites. Once victims connected wallets and approved transactions, attacker-controlled contracts drained funds directly from their accounts.
On-chain analyst b-block said wallets tied to the operation were already holding more than $400,000 in stolen assets. One linked wallet alone reportedly contained around 146 ETH worth over $300,000 at the time the campaign was identified.
The phishing pages were designed to closely match Uniswap’s real interface, making detection difficult even for experienced users.
Experienced Traders Also Caught in the Scam
One of the reported victims was trader ika, who connected a wallet to what appeared to be the official Uniswap interface through a Google search result.
The site was fake, and after signing a malicious approval transaction, funds were drained almost immediately.
Such scams rely on a simple setup where attackers buy sponsored Google ads for high-traffic crypto terms like “Uniswap.” Then, they place fake domains above organic search results and wait for users to connect wallets.
Some campaigns reportedly used deceptive infrastructure, such as sites.google.com pages, to make malicious links appear more trustworthy.
Once approvals are signed, attackers gain permission to move tokens directly from wallets. Since blockchain transfers are irreversible, victims have almost no recovery options after funds leave their addresses.
Uniswap Founder Criticized Such Scams
On the other hand, Uniswap founder Hayden Adams publicly criticized search platforms in February, calling attention to repeated scam advertisements appearing above legitimate protocol links.
Community members have flagged similar fake ads for years, but attackers continue replacing removed domains with new ones and relaunching campaigns through fresh sponsored placements.
Google Search Phishing Campaigns Accelerate
Security Alliance (SEAL) said phishing activity tied to Google Search ads increased sharply starting in March.
The organization reported blocking more than 356 malicious advertisement links in recent weeks alone. According to SEAL, the campaigns have remained active for over a year and continue expanding.
Attackers either purchase ads directly for fake protocol websites or compromise legitimate advertiser accounts to bypass detection systems and secure better placement inside sponsored search sections.
SEAL also said many phishing pages now use hidden secondary iframes that load malicious payloads invisibly, allowing fake sites to bypass Google’s automated ad reviews.
Between March 13 and March 30 alone, SEAL tracked roughly $1.27 million stolen through similar phishing campaigns targeting crypto users.
Related: XRP Community Hit With Warning Amid Fresh Xaman User Scam Wave
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
