{"id":29665,"date":"2026-05-26T07:26:25","date_gmt":"2026-05-26T07:26:25","guid":{"rendered":"https:\/\/bitunikey.com\/news\/uniswap-phishing-campaign-on-google-ads-nets-attackers-over-400k\/"},"modified":"2026-05-26T07:26:34","modified_gmt":"2026-05-26T07:26:34","slug":"uniswap-phishing-campaign-on-google-ads-nets-attackers-over-400k","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/uniswap-phishing-campaign-on-google-ads-nets-attackers-over-400k\/","title":{"rendered":"Uniswap phishing campaign on Google ads nets attackers over $400k"},"content":{"rendered":"<div class=\"post-detail__content blocks\">\n<p>Crypto users have continued losing funds to phishing campaigns promoted through Google Ads, with attackers now using fake Uniswap websites to steal hundreds of thousands of dollars from unsuspecting wallet holders.<\/p>\n<div id=\"cn-block-summary-block_27254458beffe7b5a8a791635b87084e\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Fake Uniswap ads on Google search have reportedly helped scammers steal at least $400,000 from crypto users.<\/li>\n<li>Security groups said attackers continue using sponsored Google ads and cloned crypto websites to drain connected wallets.<\/li>\n<li>SEAL reported that phishing campaigns tied to malicious Google advertisements stole more than $1.27 million within weeks earlier this year.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>According to on-chain analyst \u201cb-block,\u201d a malicious website impersonating decentralized exchange Uniswap <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/b_block_oficial\/status\/2058874189164040664\" target=\"_blank\" rel=\"nofollow\">drained<\/a> multiple wallets and accumulated at least $400,000 in stolen assets.<\/p>\n<figure class=\"wp-block-image size-full\"><\/figure>\n<p>One of the attacker\u2019s wallet addresses with drained funds. Source: b-block on X.<\/p>\n<p>The analyst shared two wallet addresses tied to the operation, which together held 146 ETH worth roughly $306,000 at the time of reporting, based on Etherscan data.<\/p>\n<p>Meanwhile, Stacy Muur, founder of Web3 marketing agency Green Dots, said the phishing operation relied on sponsored Google search advertisements designed to appear above legitimate Uniswap links.\u00a0<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Two scammers have already stolen ~$400,000 from users through a phishing <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/Uniswap?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">@Uniswap<\/a> ad on Google.<\/p>\n<p>It\u2019s insane that Google has ignored this issue for years while fake links keep getting pushed above real ones and users keep getting drained.<\/p>\n<p>This is the first result that popped out\u2026 <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/Ov488s9DIl\">https:\/\/t.co\/Ov488s9DIl<\/a> <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/qStRGq8qTE\">pic.twitter.com\/qStRGq8qTE<\/a><\/p>\n<p>\u2014 Stacy Muur (@stacy_muur) <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/stacy_muur\/status\/2058889644935442468?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">May 25, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>Muur shared a screenshot showing the fake sponsored result and criticized Google for failing to stop such campaigns despite repeated incidents targeting crypto users.<\/p>\n<p>Google Ads has repeatedly appeared in similar phishing cases over the past year. As previously reported by crypto.news in July, Scam Sniffer reported that a DeFi user lost more than $1.23 million in Uniswap NFTs after signing a malicious transaction on a fake website promoted through Google Ads.\u00a0<\/p>\n<p>According to Scam Sniffer, the attackers used a phishing page that closely copied Uniswap\u2019s interface and tricked the victim into approving unlimited asset transfers through a malicious smart contract.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<p>At the same time, blockchain security firms have warned that attackers increasingly rely on Punycode domains and cloned interfaces that look nearly identical to legitimate crypto platforms. Once users connect wallets and approve transactions, scammers gain direct access to assets without needing private keys.<\/p>\n<h2 class=\"wp-block-heading\">Security groups warn phishing attacks are increasing<\/h2>\n<p>Meanwhile, decentralized finance analytics platform DeFiLlama <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/DefiLlama\/status\/2059003963446345776\" target=\"_blank\" rel=\"nofollow\">said<\/a> fake Google advertisements remain one of the most common entry points for phishing attacks in crypto.\u00a0<\/p>\n<p>Previously, the Security Alliance, also known as SEAL, <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/radar.securityalliance.org\/malicious-google-ads-targeting-crypto\/\" target=\"_blank\" rel=\"nofollow\">reported<\/a> that phishing activity tied to Google Search advertisements saw a \u201csignificant uptick\u201d during March.<\/p>\n<p>According to SEAL, attackers either purchase Google advertisements directly or compromise legitimate advertiser accounts to distribute fake links impersonating major crypto protocols and exchanges. The group said malicious actors routinely outbid legitimate companies so their phishing pages appear at the top of sponsored search results.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"726\" src=\"https:\/\/bitunikey.com\/news\/wp-content\/uploads\/2026\/05\/1779780385_851_Uniswap-phishing-campaign-on-Google-ads-nets-attackers-over-400k.webp.webp\" alt=\"Fake Uniswap ad appearing on Google search.\" class=\"wp-image-14462768\"  ><\/figure>\n<p>Fake Uniswap ad appearing on Google search. Source: SEAL.<\/p>\n<p>SEAL said it blocked more than 356 malicious advertisement links over the past year and warned the campaign remained active with continued reports from affected users. The organization also stated that attackers use hidden iframes and secondary payloads that remain invisible to Google\u2019s automated detection systems while showing users legitimate-looking URLs.<\/p>\n<p>Victims who enter these fake websites often see nearly identical copies of real crypto applications.\u00a0<\/p>\n<p>According to SEAL, all traffic from those cloned platforms gets routed through attacker-controlled servers that can intercept approvals and drain wallets. The group estimated that phishing attacks tied to Google ads stole roughly $1.27 million between March 13 and March 30 alone.<\/p>\n<p>More recently, blockchain security firm PeckShield Alert warned about another phishing campaign involving fake Aave advertisements placed at the top of Google search results.\u00a0<\/p>\n<p>As previously reported by crypto.news, the malicious websites prompted users to approve transactions that handed wallet access directly to attackers. Scam Sniffer issued a similar warning in June after spotting fake Aave ads ranking prominently in Google searches.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<\/p><\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Crypto users have continued losing funds to phishing campaigns promoted through Google Ads, with attackers now using fake Uniswap websites to steal hundreds of thousands of dollars from unsuspecting wallet&hellip;<\/p>\n","protected":false},"author":1,"featured_media":29666,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-29665","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/29665","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=29665"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/29665\/revisions"}],"predecessor-version":[{"id":29667,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/29665\/revisions\/29667"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/29666"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=29665"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=29665"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=29665"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}