Scammers Steal Over $400K Through Fake Uniswap Google Ads

Scammers have stolen more than $400,000 from crypto users by purchasing sponsored Google Ads that place fraudulent, near-perfect clones of the Uniswap website at the top of search results [2, 3]. On-chain data shows that two primary attacker addresses held 146 ETH, valued at approximately $306,000 at the time of reporting, as part of a broader campaign that has persisted for over a year [1, 3].

The phishing operation relies on bypassing Google’s automated moderation tools by using legitimate-looking URLs in ad previews [1]. Once a user clicks the ad, a hidden secondary iframe loads a malicious payload that redirects traffic to attacker-controlled servers [1, 3]. Victims who connect their wallets and sign a transaction inadvertently authorize a drainer contract, which then withdraws all tokens in a single, irreversible operation [3].

Security researchers from the non-profit Security Alliance (SEAL) report that this is part of a systemic issue, noting a significant uptick in phishing activity on Google Search since March [1]. Between March 13 and March 30 alone, SEAL blocked over 356 malicious advertisement links associated with similar campaigns, which resulted in total losses of $1.27 million [1, 3]. Attackers frequently outbid legitimate crypto protocols to secure the top "Sponsored" position, effectively weaponizing the search engine's ad placement system to build false credibility [1, 2].

The persistence of these scams has drawn sharp criticism from industry figures, including Uniswap creator Hayden Adams, who has questioned the search engine's ad economy and lack of proactive moderation [3]. While analysts suggest that users should bookmark official domains or use verification tools like DeFiLlama’s LlamaSearch, the technical sophistication of the ads—which sometimes host phishing pages on trusted subdomains like sites.google.com—makes it difficult for even cautious users to distinguish them from legitimate results [2, 3].

Uniswap Governance and Expansion

While the platform deals with the fallout of these phishing attacks, the Uniswap DAO is simultaneously moving forward with Proposal 96, also known as "Protocol Fee Expansion: Vote 3" [3]. This initiative seeks to enable fee collection and UNI token burning on the BNB Chain, Polygon, and Celo [3]. If passed, the proposal will bypass the standard request-for-comment process and move directly to an on-chain vote, expanding the protocol's fee-collection reach to 11 chains beyond the Ethereum mainnet [3].

As search engines struggle to filter out sophisticated malicious advertisements, the burden of security remains on the user, leaving the crypto community to debate whether platforms that profit from ad revenue bear responsibility for the resulting financial losses [3].