TLDR
- Scammers ran fake Uniswap ads on Google Search, stealing at least $400,000 from crypto users
- Two flagged wallet addresses held around 146 ETH, worth roughly $306,000
- The Security Alliance (SEAL) blocked over 356 malicious ad links, with $1.27 million stolen between March 13โ30
- Attackers bypass Google’s automated checks using legitimate-looking URLs and hidden iframes
- Fake crypto ads have been a steady problem for over a year, with no signs of slowing down
Scammers have been running fake ads on Google Search that impersonate Uniswap, a popular decentralized crypto exchange. The scheme has stolen at least $400,000 from users who clicked on the fraudulent links.
Scammers Steal at Least $400K Through Fake Uniswap Google Ads
On-chain analyst b-block warned that fake Google ads impersonating Uniswap are stealing user funds, with attackers having obtained at least $400,000 so far. Stacy Muur, founder of Web3 marketing agency Green Dots,โฆ pic.twitter.com/QPfjtV0oUi
— Wu Blockchain (@WuBlockchain) May 26, 2026
On-chain analyst “b-block” flagged the issue on X, warning that a fake Uniswap website was draining funds from multiple wallets. Stacy Muur, founder of Web3 marketing agency Green Dots, confirmed the attack and shared a screenshot of the fake sponsored result appearing on Google.
“It’s insane that Google has ignored this issue for years while fake links keep getting pushed above real ones and users keep getting drained,” Muur said.
Etherscan data showed two flagged wallet addresses holding around 146 ETH, worth approximately $306,000 at the time of reporting.
How the Scam Works
The attackers either pay for Google Ads directly or take over legitimate advertiser accounts. They then run fake ads that outbid real crypto platforms for top spots in the “Sponsored results” section of Google Search.
The ads use real-looking URLs to get past Google’s automated detection. A hidden secondary iframe then loads the malicious code, which Google’s systems cannot see.
When users click, they land on near-perfect clones of real crypto apps. All network traffic is secretly routed through attacker-controlled servers, where wallet funds are drained.
DeFiLlama confirmed that fake Google ads are a common phishing method in crypto. The Security Alliance (SEAL), a crypto non-profit, reported a sharp rise in this type of attack in March.
SEAL said it blocked over 356 malicious ad links, calling it “a steady volume of attacker-deployed Google Ads each week for more than a year.” The group added that the campaign is not slowing down and that more users continue to report being affected.
Between March 13 and 30 alone, total funds stolen through these methods reached $1.27 million.
The Problem Goes Beyond Uniswap
The issue is not limited to one platform. In early May, attackers used Google Ads and shared chats from AI chatbot Claude to run a malvertising campaign targeting Mac users.
Security firm Malwarebytes also flagged Facebook as a major platform for fake ads. In February, it reported scammers running paid Facebook ads that looked like official Microsoft promotions.
Those victims were taken to near-perfect copies of the Windows 11 download page, where malware designed to steal crypto and login credentials was installed on their devices.
The pattern shows that attackers are using mainstream ad platforms to run convincing scams across both crypto and general software products. Google, Meta, and other platforms have not released public statements addressing the scale of these campaigns.
