A user of the prediction market platform Polymarket has suffered a devastating loss of hundreds of thousands of dollars in cryptocurrency after falling victim to a fraudulent advertisement for Uniswap that appeared as a top sponsored result on Google. The victim, known as "Ika," publicly shared the incident, describing it as a blow to their entire net worth and the "final consequence of a long chain of bad decisions."
Uniswap founder Hayden Adams responded to the incident, calling the situation "horrible" and stating that his team has fought these types of frauds for years. He directly criticized the online advertising ecosystem, arguing that "the ad economy needs to go" due to its role in facilitating such scams. The attack method is not new; scammers purchase advertising space on search engines to target keywords like "Uniswap," directing users to cloned, malicious websites. Once a victim connects their wallet and signs a transaction, attackers can drain all assets.
The specific tool used in this attack is identified as AngelFerno, a wallet-draining script operating on a "scam-as-a-service" model. This code has been used in previous attacks against protocols like OpenEden and Curvance. Attackers employ obfuscation tactics such as using Punycode addresses with Cyrillic characters to make fraudulent URLs appear identical to legitimate ones.
This case has reignited criticism of Google's inability to effectively police its advertising platform. Forensic investigator ZachXBT called for severe consequences against the company. The incident is part of a broader, alarming trend. In January 2026 alone, the value of cryptocurrency stolen through exploits and scams reached $370.3 million, the highest monthly figure in 11 months. A similar attack in July 2025 resulted in a single user losing $1.2 million to a fake Uniswap ad.
