Fake Uniswap Website Drains Crypto Wallets as Scammers Pocket $400K

A pretend web site impersonating Uniswap is draining funds from a number of crypto wallets. The distinguished on-chain analyst, pseudonymously identified as “b-block,” warned that the scammers at present management a minimum of $400,000 in stolen belongings.

Users have been urged to rely solely on official hyperlinks and confirm protocols via DefiLlama.

Uniswap Tops List of Most-Targeted Platforms

The newest replace comes a month after safety group SEAL reported a serious rise in malicious Google Ads concentrating on crypto customers. It discovered that attackers have been impersonating well-liked DeFi platforms, wallets, and buying and selling purposes to steal funds.

SEAL said it not too long ago blocked over 356 malicious Google advert URLs tied to crypto scams, which focused platforms such as Uniswap, Morpho Finance, PancakeSwap, Hyperliquid, CoW Swap, and 1inch customers

According to the report, attackers used hacked or fraudulently obtained Google advertiser accounts and relied on cloaking, fingerprinting, and nested iframe supply techniques to bypass Google’s automated evaluate checks. Many of the pretend adverts used trusted Google companies such as websites.google.com and docs.google.com to seem authentic in search outcomes.

SEAL recognized crypto drainer households, together with Inferno Drainer and Vanilla Drainer, as probably the most generally used malware within the campaigns. The report stated these instruments trick customers into signing malicious pockets transactions or coming into restoration seed phrases on cloned web sites, permitting attackers to take management of pockets belongings.

SEAL additionally added that the superior infrastructure used within the assaults, together with Cloudflare Workers, Arweave-hosted payloads, site visitors redirection techniques, and proxy layers, can intercept Ethereum RPC requests and monitor person exercise in actual time.

Uniswap was probably the most impersonated platform, accounting for 41% of tracked malicious websites. Between March 13 and March 30, confirmed and unattributed losses linked to the campaigns exceeded $1.27 million, though the safety group stated the precise determine was seemingly considerably increased.

Rampant Phishing Campaigns

While the latest Uniswap-related scams primarily concerned pretend web sites and malicious Google Ads, a separate phishing marketing campaign earlier this 12 months focused Ledger customers via fraudulent emails. The assault adopted a knowledge breach at Ledger’s third-party e-commerce companion, Global-e, which uncovered buyer contact and order info.

The scammers claimed in emails that Ledger and Trezor had merged and urged customers emigrate their wallets through pretend web sites that requested 24-word restoration phrases. The phishing pages carefully copied the businesses’ official branding and messaging types.

More not too long ago, Ripple CTO David Schwartz warned of a phishing marketing campaign that despatched pretend safety alerts that appeared to return from Robinhood’s official e-mail system. The emails handed authentication checks as a result of attackers exploited Robinhood’s account creation move, which made the messages seem authentic.

The phishing be aware claimed a brand new login from an “iPhone 17 Pro” and prompted customers to evaluate suspicious exercise via a “Review Activity Now” button, which then directed them towards credential theft. Robinhood later confirmed the difficulty, however acknowledged that no techniques have been breached and no funds have been affected.

The submit Fake Uniswap Website Drains Crypto Wallets as Scammers Pocket $400K appeared first on CryptoPotato.