Crypto Scammers Exploit Google Ads To Drain $400K From Uniswap Users

Security researchers say Google’s advert platform has been weaponized for over a 12 months, with menace actors operating pretend sponsored hyperlinks that funnel unsuspecting crypto customers to phishing websites designed to empty their wallets.

How The Attack Works

The scheme targets individuals looking for Uniswap, the decentralized change, by putting fraudulent advertisements above the authentic website in Google’s sponsored outcomes part.

Attackers both buy advert area outright or break into present advertiser accounts to run the pretend listings, then outbid the true protocol to safe the highest place.

What makes the advertisements exhausting to catch is how they’re constructed. The phishing hyperlinks use URLs that look genuine, whereas a hidden secondary component quietly masses the malicious code — invisible to Google’s automated assessment programs.

Victims who click on by means of land on convincing replicas of the true Uniswap platform, with all their community exercise routed silently by means of attacker-controlled servers.

Community alert:

A web site impersonating Uniswap is draining funds from a number of wallets.

The scammers are at present holding a minimum of ~$400,000.

0x37925684BA178821b4436E06e67f5dBD6cfA49Bb
0x2fC25F46cC49D226eF92E9A7665f3d2821F3c5E2

Please solely use official hyperlinks, and… pic.twitter.com/JikqftTVHY

— b-block (@b_block_oficial) May 25, 2026

On-chain analyst “b-block” raised the alarm on Monday after tracing stolen funds to addresses linked to the pretend Uniswap website.

At the time of writing, two flagged wallets held a mixed 146 ETH, valued at roughly $306,000. The whole haul is estimated at a minimum of $400,000.

A Year Of Losses

The nonprofit Security Alliance, generally known as SEAL, has been monitoring the broader sample. According to the group, there was a pointy rise in this kind of phishing exercise in March, with $1.27 million stolen between March 13 and 30 alone.

SEAL mentioned it blocked greater than 356 malicious advert hyperlinks, describing that quantity as typical of weekly attacker exercise sustained for greater than a 12 months — and mentioned the tempo has not slowed.

Stacy Muur, founding father of Web3 advertising company Green Dots, shared a screenshot of 1 such sponsored end result and mentioned scammers had used it to steal funds from customers. She known as out Google straight, saying the corporate has let the issue persist for years whereas customers proceed to lose cash.

DeFiLlama, a crypto information platform, echoed the priority, calling pretend Google advertisements a typical and recurring supply of phishing assaults concentrating on the crypto neighborhood.

Two scammers have already stolen ~$400,000 from customers by means of a phishing @Uniswap advert on Google.

It’s insane that Google has ignored this situation for years whereas pretend hyperlinks preserve getting pushed above actual ones and customers preserve getting drained.

This is the primary end result that popped out… https://t.co/Ov488s9DIl pic.twitter.com/qStRGq8qTE

— Stacy Muur (@stacy_muur) May 25, 2026

The Threat Spreads Beyond Google

The Uniswap case is a part of a wider sample hitting a number of platforms and audiences. Reports point out that in early May, attackers have been abusing each Google Ads and shared chat hyperlinks from AI instruments to push malware concentrating on Mac customers in an lively marketing campaign.

Meanwhile, stories be aware that Facebook has seen an identical wave of pretend paid advertisements, with scammers mimicking official Microsoft promotions and directing customers to counterfeit Windows 11 obtain pages loaded with credential-stealing malware.

SEAL mentioned it continues to obtain stories from victims and that the marketing campaign exhibits no signal of stopping.

Featured picture from Unsplash, chart from TradingView