Fake Google ads impersonating Uniswap have stolen at least $400,000 from crypto users, adding another major loss to a phishing wave targeting DeFi wallets through sponsored search results.
The campaign used paid Google search ads that led users to fake Uniswap websites instead of the real decentralized exchange interface. Users who connected wallets or signed malicious prompts on those phishing pages had funds drained by attacker-controlled contracts.
Two scammer wallets were linked to the latest campaign, with one holding about 146 ETH worth more than $300,000 and another holding additional stolen assets. The total tracked haul was placed above $400,000 as the fake ads continued circulating.
Stacy Muur, founder of Web3 marketing agency Green Dots, also flagged the campaign after sponsored search results for fake Uniswap pages appeared above legitimate links. The tactic is especially dangerous because many users still reach DeFi apps by searching a protocol name and clicking the first result.
The latest drain follows a broader run of crypto security incidents, including the recent SquidRouterModule exploit that drained 86 Gnosis Safes across Ethereum and Base.
Google Search Phishing Campaigns Accelerate
Crypto phishing through Google Search ads has intensified since March. Security Alliance tracked malicious Google Ads campaigns targeting DeFi apps, wallets and crypto services, with more than 356 phishing URLs blocked in recent weeks.
The campaigns often rely on two routes. Attackers either buy ads for fake protocol websites directly or compromise legitimate advertising accounts and use them to push malicious links. That gives the fake pages stronger placement and makes them harder for users to distinguish from ordinary sponsored results.
Uniswap is a repeated target because it is one of the most used DeFi interfaces. A fake swap page can request token approvals, malicious signatures or direct wallet actions that look normal to less experienced users. Once a wallet signs the wrong prompt, attackers can move approved tokens quickly and route stolen funds through other wallets or exchanges.
The same pattern has been visible across wider DeFi losses this year. Recent tracking showed DeFi exploit losses reaching $816.9 million as wallet drains, protocol exploits and phishing-linked incidents continued to hit users and platforms.
Wallet Users Face Search-Ad Risk
The latest Uniswap phishing campaign shows why search ads remain a serious risk for self-custody users. The fake sites do not need to hack Uniswap itself. They only need to intercept users before they reach the correct interface.
The safest path is direct navigation through saved bookmarks, verified protocol domains and wallet warnings before any approval or signature is confirmed. Users who clicked a fake Uniswap ad should review recent signatures, check token approvals and move remaining assets to a clean wallet if a malicious transaction was signed.
The incident also adds pressure on advertising platforms to remove scam placements faster. Crypto phishing has become more polished, better funded and more persistent, while attackers continue targeting the same high-traffic DeFi brands users search for every day.
The next signals are the movement of the two tracked scam wallets, additional victim reports, takedowns of the fake domains and whether the stolen ETH moves toward exchanges, mixers or new phishing infrastructure. The confirmed damage already sits above $400,000, and the campaign remains part of a wider Google Ads phishing wave aimed at crypto wallets.
Be the first to comment