Fake Uniswap Google Ads Steal $400K in Crypto
Scammers deployed phishing Google ads mimicking Uniswap, stealing over $400K from users via fake interfaces. Two wallets held 146 ETH. SEAL blocked 356+ malicious links and warns the campaign persists, with $1.27M stolen in March alone. Attackers exploit Google Ads with hidden iframes.
Quick Take
Fake Uniswap Google ads drained at least $400K from users.
Scammers used hidden iframes to bypass Google's detection and show clone sites.
SEAL blocked 356+ malicious ads and reports $1.27M stolen in March.
Campaign remains active with no slowdown, targeting DeFi users.
Market Impact Analysis
BearishPhishing attacks undermine trust in DeFi platforms, could deter new users and negatively impact Uniswap and DeFi sentiment.
Speculation Analysis
Key Takeaways
- Scammers netted over $400,000 by running Uniswap-impersonating Google ads that directed users to wallet-draining clones.
- Attackers bypassed Google’s review systems using hidden iframes and legitimate-seeming URLs, making fake ads appear above real results.
- SEAL blocked 356+ malicious ad links in March as the phishing wave stole $1.27 million from DeFi users across multiple campaigns.
- The campaign continues unabated, with new victims reported daily and no sign of Google intervention.
What Happened
Phishing scammers leveraged Google Ads to drain crypto wallets by impersonating decentralized exchange Uniswap. The attackers purchased or hijacked advertiser accounts to place fraudulent sponsored links that appeared above legitimate search results for “Uniswap.” Unsuspecting users clicked the ads, landed on convincing clone sites, and connected their wallets — unwittingly approving transactions that siphoned funds. On-chain analyst b-block identified at least $400,000 stolen, while the broader campaign, tracked by Security Alliance (SEAL), had already claimed $1.27 million in March. The scheme used hidden iframes to evade Google’s automated checks, loading malicious code only after a user clicked. SEAL has blocked over 356 related ad links, but new ones continue to emerge.
The Numbers
Two flagged wallet addresses amassed 146 ETH, approximately $306,000, from the Uniswap-targeted ads. Across all crypto phishing ads in March, SEAL recorded $1.27 million in losses. The group intercepted 356+ malicious links, a weekly average that has persisted for more than a year. The Uniswap heist alone accounts for nearly a third of March’s total. On-chain data shows the funds moved through multiple wallets, suggesting automated draining tools. The fake ads achieved high click-through rates by outbidding legitimate sites for top sponsored positions, with some clones reportedly indistinguishable from the real Uniswap interface.
Why It Happened
Google’s ad platform remains a weak link in crypto security. Attackers exploit pay-per-click systems to buy prominent placements, often outspending genuine projects. Automated review tools fail to detect hidden iframes that redirect to malicious payloads only after passing initial checks. DeFi protocols like Uniswap, with billions in liquidity and a non-custodial ethos, present lucrative targets — users authorize token approvals by default, unaware of hidden transfer functions. The phishing surge also reflects broader trends: rising crypto adoption brings more inexperienced users, while regulatory gaps leave ad platforms with little accountability for financial harm. Until Google implements stricter vetting or liability, bad actors will continue to profit.
Broader Impact
The campaign erodes trust in DeFi on-ramps, especially for newcomers who rely on search engines. Persistent phishing ads under Uniswap’s name damage its brand and could slow user growth, despite the protocol itself being uncompromised. The attacks also highlight a systemic vulnerability across major web platforms — similar ad-based scams have surfaced on Facebook and Bing. Regulatory pressure may mount on tech giants to better police crypto advertisements, potentially reshaping how projects market themselves. For now, users bear the burden of verification, while the stolen funds fuel further criminal operations.
What to Watch Next
- Whether Google adjusts its ad policies or faces legal action from affected projects and users.
- A possible spike in copycat campaigns targeting other top DeFi protocols like Aave or Curve.
- Uniswap Labs may issue formal warnings, pursue takedowns, or push for industry-wide ad verification standards.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
