May 26, 2026 ChainGPT

Google Ads-Promoted Fake Uniswap Scam Siphons $400K+, Exposes Search-Ad Policing Gap

A fresh phishing campaign using fake Uniswap sites advertised through Google Search has siphoned off at least $400,000 from unsuspecting crypto users, highlighting a persistent weak spot in search-ad policing.

What happened

- On-chain analyst “b-block” flagged a malicious website impersonating Uniswap that drained multiple wallets. Two attacker-controlled addresses tied to the operation together held 146 ETH — roughly $306,000 at the time of reporting, according to Etherscan snapshots shared by the analyst.
- Web3 marketer Stacy Muur (founder of Green Dots) posted screenshots showing a sponsored Google search result that led to the phishing site and blasted Google for failing to stop similar scams that repeatedly push fake links above the real ones.

How the scam works

- Attackers buy or hijack Google Ads to place spoofed DEX links at the top of search results, making them highly visible to users searching for Uniswap or other protocols.
- The phishing pages are near-perfect clones of legitimate platforms. When victims connect wallets and approve what looks like a routine transaction, they often inadvertently grant smart contracts unlimited transfer permissions. That approval lets scammers pull funds directly from the victim’s wallet without needing private keys.
- Tactics include Punycode domains, hidden iframes and secondary payloads designed to evade automated ad-detection systems — meaning malicious pages can display legitimate-looking URLs to Google while routing traffic through attacker-controlled infrastructure.

Context — this is not new

- Google-Ads-driven phishing has been implicated in multiple large losses this year. In July, Scam Sniffer reported a DeFi user lost over $1.23 million in Uniswap NFTs after interacting with a fake site promoted via Google Ads.
- The Security Alliance (SEAL) said phishing via Google Search ads surged in March and that attackers either outbid legitimate advertisers or compromise advertiser accounts to publish fake links. SEAL reported blocking more than 356 malicious ad links over the past year and estimated phishing tied to Google ads stole about $1.27 million between March 13–30 alone.
- Blockchain security firms such as DeFiLlama and PeckShield Alert have repeatedly warned about similar campaigns, including recent fake Aave ads placed at the top of Google results.

Why it succeeds

- Sponsored search results look trusted, and cloned UI + convincing URLs make it easy for users to be fooled.
- Once an approval is granted from a connected wallet, smart contracts can execute transfers without further interaction, so a single mistaken click can be catastrophic.

Takeaways for users and platforms

- Users: bookmark official DEX addresses, double-check URLs (watch for Punycode), carefully review wallet approvals, and use tools to audit or revoke excessive allowances.
- Platforms and ad providers: security teams and ad platforms need more robust detection, faster takedowns, and better controls to prevent malicious actors from buying top ad slots or compromising advertiser accounts.

This latest case underscores how sponsored search remains a favored vector for large-scale crypto phishing — and how much work is still needed from ad platforms and the broader ecosystem to stop it.
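As an added illustration of the user-side checks listed in the takeaways (this code is not from the article or from any wallet or project it names), the sketch below flags Punycode or non-bookmarked hosts and decodes transaction calldata to spot blanket token approvals before signing. The hostnames, spender address and calldata are constructed samples, and the "unlimited" threshold is an assumption.

```python
from urllib.parse import urlsplit

# 4-byte function selectors (first 4 bytes of keccak256 of the signature).
APPROVE = "095ea7b3"               # ERC-20 approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # ERC-721/1155 setApprovalForAll(address,bool)
# Assumption: any allowance at or above 2**255 is treated as effectively unlimited.
UNLIMITED_THRESHOLD = 2**255

def host_warnings(url, bookmarked_hosts):
    """Flag Punycode/non-ASCII labels and hosts missing from the user's bookmarks."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    warnings = []
    if any(l.startswith("xn--") or not l.isascii() for l in host.split(".")):
        warnings.append("punycode-label")
    if host not in bookmarked_hosts:
        warnings.append("host-not-bookmarked")
    return warnings

def approval_warnings(calldata_hex):
    """Decode calldata; return details for approval calls, None for anything else."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL) or len(args) < 128:
        return None  # not an approval call, or truncated arguments
    spender = "0x" + args[24:64]   # address is right-aligned in its 32-byte word
    value = int(args[64:128], 16)  # allowance amount, or bool for setApprovalForAll
    if selector == APPROVE:
        unlimited = value >= UNLIMITED_THRESHOLD
        kind = "unlimited-erc20-allowance" if unlimited else "bounded-erc20-allowance"
    else:
        kind = "operator-for-all-nfts" if value else "operator-revoked"
    return {"spender": spender, "kind": kind, "value": value}

# Constructed sample data (not taken from the campaign described above).
BOOKMARKS = {"app.example-dex.test"}
SPENDER_WORD = "00" * 12 + "11" * 20
UNLIMITED_APPROVE = "0x" + APPROVE + SPENDER_WORD + "ff" * 32

if __name__ == "__main__":
    print(host_warnings("https://xn--example-lookalike.test/swap", BOOKMARKS))
    print(approval_warnings(UNLIMITED_APPROVE))
```

A result of `unlimited-erc20-allowance` or `operator-for-all-nfts` toward a spender reached from a flagged host is the combination the article describes; the same decoder can be run over past transactions to find allowances worth revoking.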