Scammers Drain Over $400K Using Fake Uniswap Google Ads

At least $400,000 has been siphoned from users clicking fake Uniswap advertisements on Google, according to on-chain warnings issued this week. The scheme, highlighted by analyst b-block, used sponsored search results to redirect victims to phishing sites that mimicked the legitimate decentralized exchange.

The losses are tracked on-chain and are likely understated, as many victims may not have reported their stolen funds. Details first surfaced in the original report, which pointed to a sharp escalation in crypto-targeted search ad abuse.

Fake ads on major search engines are not a new phenomenon in crypto. In previous cycles, malicious campaigns targeting wallets like MetaMask and exchanges like Binance drained millions. What makes the Uniswap case notable is the targeting of a decentralized protocol that often serves as an entry point for DeFi newcomers. The combination of a trusted brand and complex wallet interactions creates fertile ground for phishing operators.

How the Fake Ad Scheme Works

Stacy Muur, founder of Web3 marketing agency Green Dots, traced the funds to users who clicked on sponsored Google search results that appeared when searching for “Uniswap.” Those ads led to counterfeit interfaces that captured wallet approvals or seed phrases. The attackers then drained assets from connected wallets.

The modus operandi capitalizes on user trust in the top search results. Many users assume that a sponsored ad on Google is vetted, but malicious actors have long exploited the ad platform’s lax review processes for crypto-related content. This particular campaign managed to pass through Google’s filters, enabling scammers to accumulate at least $400,000 before detection.

Uniswap, the dominant decentralized exchange on Ethereum—a chain that consistently sees top developer activity as tracked in recent ecosystem reports—has been a frequent target for impersonation. Its brand recognition and daily transaction volume make it a lucrative lure for phishing rings.

Rising Phishing Campaigns Exploit Search Ads

Security Alliance (SEAL) previously noted that Google Search phishing campaigns have risen sharply since March, with attackers increasingly purchasing ads or hijacking legitimate advertiser accounts. This method exploits a low barrier to entry; scammers can use compromised credit cards to fund ad campaigns and deploy phishing domains within minutes, making takedowns a whack‑a‑mole exercise.

The current fake Uniswap ads are part of a broader pattern. Earlier this year, similar operations targeted bridges, wallets, and other DeFi protocols. Google’s ad system, which relies on automated review supplemented by user reports, has struggled to keep pace with the speed at which scammers create new campaigns. Once an ad is taken down, another appears within hours.

The surge in ad‑based phishing coincides with the growing popularity of DeFi among retail investors who may not be well‑versed in security practices. Many victims discover these scams only after their wallets are drained, when on‑chain tracing begins.

What This Means for DeFi Users and Platforms

For users, the attack reinforces the need to verify website URLs and avoid clicking sponsored links, especially for wallet‑connected applications. Bookmarking official domains and using hardware wallets remain the strongest defenses. Some security experts recommend installing ad blockers that automatically remove sponsored results from search pages, a step that might have prevented these losses.

For DeFi projects, impersonation via search ads poses a persistent brand‑safety problem. Protocols can file takedown requests with Google, but the response is often reactive. The Open Web and similar decentralized advertising solutions could eventually offer a more secure alternative, but adoption remains limited.

The Uniswap ad scam underscores a persistent tension in the crypto space: while institutional adoption of tokenized assets accelerates—as seen in recent moves like tokenized Treasury settlements—the retail-facing layer remains riddled with basic phishing attacks that erode trust.

Google’s advertising policies ban phishing and deceptive content, yet enforcement gaps persist. The company has not publicly commented on this specific Uniswap campaign. While Google has made efforts to tighten crypto ad policies over the years, the cycle of abuse and reactivation makes it a cat‑and‑mouse game.

Uncertainty remains over how much larger the total losses might be and whether Google will implement new safeguards to prevent future impersonations. What is clear is that as long as search ads remain a high‑conversion vector, scammers will continue to pour resources into them. DeFi users, particularly newcomers, bear the cost of this security gap every time they type a protocol name into a search bar.