
Scammers make $400K through fake Uniswap ads on Google

By Martin Young · Published May 26, 2026 · 3 min read · Source: CoinTelegraph
Written by Martin Young, Staff Writer. Reviewed by Jesse Coghlan, Staff Editor.


A blockchain analyst has warned that malicious phishing advertisements impersonating Uniswap have appeared on Google Search, netting attackers at least $400,000.

Scammers have been using Google to deploy malicious phishing advertisements impersonating the crypto protocol Uniswap, reportedly netting the attackers at least $400,000.

The on-chain analyst “b-block” posted to X on Monday that a website impersonating decentralized finance exchange Uniswap was draining funds from multiple wallets and the scammers were holding at least $400,000.

Stacy Muur, founder of Web3 marketing agency Green Dots, said that the scammers had stolen the funds from users through a phishing ad on Google that impersonated Uniswap, and shared a screenshot of a sponsored result from the search engine.

“It’s insane that Google has ignored this issue for years while fake links keep getting pushed above real ones and users keep getting drained,” she said.

[Image: screenshot of the sponsored Google Search result. Source: Stacy Muur]

The two flagged addresses held a combined 146 ETH, worth around $306,000 at the time of writing, according to Etherscan.

DeFiLlama said that “fake ads on Google are a common source of phishing attacks.” The crypto non-profit group Security Alliance (SEAL) reported in April that there was a “significant uptick” in phishing activity on Google search in March.

SEAL said that attackers pay Google or hack legitimate advertiser accounts to run convincing fake ads impersonating popular crypto protocols to lure users. Threat actors outbid legitimate crypto exchanges and protocols to achieve a superior position within the “Sponsored results” section on Google Search.

SEAL blocked over 356 malicious advertisement links, a number which is “representative of a steady volume of attacker-deployed Google Ads each week for more than a year,” it added. “The campaign is not slowing down, and we are receiving more reports from affected users.”


The phishing ads used legitimate-looking URLs to bypass Google’s automated checks, while a hidden secondary iframe loaded the malicious payload, which was also invisible to Google’s detection.

Victims land on convincing clones of real crypto apps, with all network traffic secretly routed through attacker-controlled servers, explained SEAL, reporting that $1.27 million in total funds were stolen between March 13 and 30.

In early May, it was reported that attackers were abusing Google Ads and legitimate shared chats from AI chatbot Claude in an active “malvertising” campaign targeting Mac users.

Facebook is also a hotbed of fake ads and scams, according to Malwarebytes, which reported in February that scammers were running paid ads that looked like official Microsoft promotions. 

Victims were directed to near-perfect clones of the Windows 11 download page, where malware designed to steal crypto and credentials was deployed. 


This article was originally published on CoinTelegraph and is republished here under RSS syndication for informational purposes. All rights and intellectual property remain with the original author. If you are the author and wish to have this article removed, please contact us at [email protected].
