Scammers have siphoned more than $400,000 from crypto users by running fake Uniswap pages promoted via Google ads. The campaign, reported by analysts and highlighted on X by B‑block, used a cloned Uniswap site buried behind a sponsored search result to trick users into connecting wallets and approving transactions.
Etherscan data shows the two addresses used in the exploit initially held roughly 146 ETH, and victims reported losing funds within minutes of visiting the fraudulent pages. The attackers built credibility by paying for Google’s sponsored ad placement, which pushed their links above legitimate resources and lured unsuspecting users.
Stacy Muur, founder of Green Dots, warned that this incident underscores a long‑running problem with search ads prioritizing fake links. She urged users to verify links through official social channels or trusted aggregators like DeFiLlama before connecting wallets.
This episode is part of a larger trend: phishing and impersonation schemes continue to evolve. Earlier this year, scammers impersonated hardware‑wallet makers such as Trezor and Ledger in an email campaign that sought sensitive details. In a separate case last year, two UK hackers used cloned sites to drain more than $2 million. As traditional email and webpage phishing tactics decline, attackers are leveraging paid search placement and other methods to increase trust and reach.
How these scams work
– Attackers copy the look and content of a legitimate DeFi interface.
– They buy sponsored search ads or use misleading domains to ensure the fake site appears first.
– When users connect their wallets and approve transactions, malicious contracts or approval calls transfer funds out.
How to reduce your risk
– Bookmark official project sites and access them directly.
– Verify links posted on official social accounts (X/Twitter) and cross‑check with aggregator sites like DeFiLlama.
– Never approve transactions you don’t fully understand; review the contract and the specific permissions being granted.
– Use hardware wallets for large balances and avoid connecting them to unfamiliar sites.
– Regularly review and revoke unnecessary token approvals via trusted tools.
Security teams and users alike continue to warn that these attacks weigh on market confidence, particularly during down markets. Until ad platforms and search engines improve vetting, caution and basic on‑chain hygiene remain the best defenses against fast, paid‑placement phishing campaigns.
