Scammers have stolen at least $400,000 from unsuspecting crypto users by running fraudulent Google Ads that impersonate the decentralized exchange Uniswap. The phishing campaign, which has been active for over a year, uses near-perfect clones of the Uniswap website and exploits a sophisticated technique to evade Google’s automated moderation.
On-chain analyst b-block first raised the alarm on X, warning that a fake Uniswap site was draining wallets. Two flagged addresses were found holding approximately 146 ETH, worth around $306,000 at the time. Security non-profit Security Alliance (SEAL) confirmed a surge in such attacks, blocking over 356 malicious ad links between March 13 and 30, 2026, during which total reported losses reached $1.27 million.
The attackers either purchase Google Ads directly or hijack legitimate advertiser accounts, bidding on keywords like “Uniswap” to place their phishing links above authentic results. While the displayed URL appears genuine, a hidden iframe loads the malicious drainer code—unseen by Google’s verification tools. Victims who connect their wallets and approve a single transaction find all their tokens drained irreversibly, with even hardware wallets offering no protection as the transaction is signed by the user.
“It’s insane that Google has ignored this issue for years while fake links keep getting pushed above real ones and users keep getting drained,” said Stacy Muur, founder of Web3 marketing agency Green Dots. DeFiLlama has since promoted its LlamaSearch tool as a safer alternative, while Uniswap creator Hayden Adams has called for an end to the ad-driven economy that enables such scams.
The community advises users to bookmark official domains, avoid clicking sponsored links for DeFi projects, and carefully verify every transaction approval. In parallel, Uniswap’s DAO is pushing forward with Protocol Fee Expansion Vote 96, aiming to activate fee collection and UNI token burns on BNB Chain, Polygon, and Celo in addition to existing chains.
