Darius Baruo
May 26, 2026 07:05
Phishing ads impersonating Uniswap (UNI) siphoned $400K from wallets. Google’s ad system remains a key attack vector for crypto scams.
Phishing scammers have stolen at least $400,000 by running fake Uniswap ads on Google, according to reports from blockchain analysts and Web3 marketers. The attackers mimicked the interface of the decentralized exchange (DEX) to trick users into connecting their wallets and approving malicious transactions.
On-chain investigator “b-block” flagged two Ethereum wallets tied to the scam, which currently hold 146 ETH (around $306,000 as of May 26, 2026). The remaining funds appear to have been moved to obfuscate their trail. Stacy Muur, founder of Web3 marketing firm Green Dots, shared screenshots of sponsored results on Google pushing the fraudulent Uniswap clone above legitimate search results.
“It’s insane that Google has ignored this issue for years while fake links keep getting pushed above real ones and users keep getting drained,” Muur criticized in a post on X (formerly Twitter). The scam exploited Google’s ad platform to redirect users to a near-identical Uniswap interface, where their wallet credentials were compromised.
Google Ads: A Persistent Attack Vector
Security researchers and crypto-focused organizations like DeFiLlama and SEAL (Security Alliance) have long criticized Google’s ad ecosystem as a breeding ground for phishing campaigns. In a March 2026 report, SEAL identified a significant increase in malicious ads targeting crypto users, with nearly 360 fraudulent links blocked weekly. These ads often feature legitimate-looking URLs to bypass detection, while secondary hidden iframes load malware in the background.
Phishing attacks targeting Uniswap specifically are not new. Since 2020, scammers have leveraged fake airdrops, malicious tokens, and impersonated domains to trick users. The protocol’s permissionless design—while a cornerstone of decentralized finance—allows anyone to list tokens, including fraudulent ones, without prior review. This has made Uniswap a frequent target for bad actors.
In February 2026, Uniswap founder Hayden Adams warned that attackers were aggressively bidding on Google ads to push phishing sites above the official Uniswap link. These warnings came amid broader concerns about rising crypto scam activity, with Chainalysis reporting $17 billion stolen across various scams in 2025, a 1,400% increase in impersonation-based attacks.
Why It Matters for Traders
While Uniswap itself has not been hacked, phishing campaigns like this highlight a critical risk for users of self-custodial protocols. Unlike centralized exchanges, DEX users are responsible for verifying URLs, smart contract addresses, and wallet permissions. The $400,000 haul underscores how even minor lapses in diligence can result in significant losses.
For Uniswap (UNI) token holders, the immediate market impact appears limited—UNI is trading at $3.30, down 0.03% over the past 24 hours. However, repeated high-profile phishing attacks could erode user trust, especially in a DEX sector already grappling with regulatory uncertainty and competition. It’s worth noting that on March 3, 2026, a U.S. court ruled Uniswap is not legally liable for scams conducted on its platform, placing the onus squarely on users to safeguard their assets.
What’s Next?
Google has yet to address these recurring issues effectively, despite years of complaints from the crypto community. Meanwhile, tools like browser-based ad blockers and phishing detection services remain essential for DeFi users navigating the increasingly sophisticated threats posed by malicious actors.
As phishing attacks evolve, vigilance is key. Verifying URLs, using hardware wallets, and double-checking transaction details can mitigate risks. Uniswap’s users should be particularly cautious when interacting with search engine links, as scammers continue exploiting Google’s ad infrastructure to prey on unsuspecting victims.
Image source: Shutterstock
Be the first to comment