Scammers exploit Google Ads route to steal $400K+ from Uniswap users

---

---

Fraudsters have successfully stolen $400,000+ by using sponsored Google ads to push fake websites ahead of the real platform. The scam is designed so that anyone searching for Uniswap on Google sees the false ad first.

Users who have clicked the near-clones of Uniswap’s interface, connected their wallets, and approved just one transaction have lost everything.

How the Uniswap phishing op bypassed Google’s safeguards

As reported by Cryptopolitan, scammers managed to secure Google Ads slots for the keyword “Uniswap” and placed fraudulent websites as the top sponsored results. The phishing pages perfectly mimicked the UI of the legitimate site with deceptive URLs that appeared quite credible at first glance.

⚠️ALERT: $400K+ STOLEN: Scammers are buying @GoogleAds to rank FAKE @Uniswap sites ABOVE the real one

When you search "Uniswap" – the TOP results are now phishing traps designed to drain your wallet@Google phishing attacks have EXPLODED since March according to onchain… pic.twitter.com/Jczz0nRSZ6

Sometimes, the fake copies were hosted on subdomains such as sites.google.com. The scammers avoided automatic moderation by using a valid URL in the ad preview and loading malware through a hidden secondary iframe. This was not caught by any Google verification tools.

The traffic was then redirected to the servers of the attackers. Once the users logged into their wallets and confirmed the transaction, the fund drainer contract withdrew all tokens in a single irreversible blockchain operation. Sadly, the hardware wallet did not provide any protection since the malicious code was signed by the victims.

According to blockchain data, two addresses held 146 ETH, valued at about $306,000 at the time of reporting. According to the Security Alliance (SEAL), there was a surge in Google phishing attacks with duplicate ads from March 13 to March 30, 2026.

This led to the blocking of more than 356 malicious URLs, resulting in a total loss of $1.27 million. The phishing campaign has been around for over a year, with hackers moving to new domains after each takedown. In January 2026, over $370 million was lost due to crypto scams and exploits.

Crypto traders struggle with verification tools

The first community alert about the scam was shared by on-chain analyst b-block on May 25, 2026. The attacker’s web addresses and wallet addresses were identified, and users were advised to use only the official URLs for transactions and to cross-check them using DeFiLlama. 

The founder of Web3 marketing, Stacy Muur, highlighted the concern, saying, “It is insane that Google has been ignoring this problem for so long when fake links keep pushing real links, and users get drained.” 

To address this problem, DeFiLlama offered its LlamaSearch product, which maintains thousands of secure crypto web domains, as a Chrome extension and at search.defillama.com.

Hayden Adams, the creator of Uniswap, has responded directly to this concern on X, and it is more about placing the blame on search engine platforms rather than on end users. 

Uniswap’s Hayden Adam calls for the end of the ad economy. Source: X

According to analysts, the solution does not exist, as Google benefits from ad revenue but fails to be proactive in moderating such promotions.

The community suggests three ways to address the situation: bookmark the legitimate Uniswap domain using its legitimate X account, avoid clicking sponsored links for any DeFi project, and validate each transaction approval.

Uniswap’s expansion vote lies in wait

Uniswap’s DAO has launched Proposal 96, which seeks to enable the UNIfication protocol fee collection and UNI token burn function to operate on three other highly trafficked chains—BNB Chain, Polygon, and Celo.

This is in addition to the Ethereum mainnet, where it has already operated successfully since being rolled out at the end of December 2025. 

Vote:https://t.co/nA0bOlnmmU

As reported by Cryptopolitan, Proposition 96, known as “Protocol Fee Expansion: Vote 3,” leverages the streamlined governance process set forth in the context of UNIfication. The proposal does not follow the request-for-comment (RFC) process; instead, it skips the 5-day snapshot vote and goes straight to an on-chain vote. 

Upon acceptance, the updates will be implemented using TokenJar contracts to collect protocol fees from newly added chains and distribute them via Firepit contracts for burning UNIs.

The new expansion will bring the number to 11, beyond Ethereum’s mainnet, where protocol fees are active. Previous expansions included those on Arbitrum, Base, OP Mainnet, Soneium, X Layer, Worldchain, Zora, and an initial (but later corrected) Celo chain.

If you're reading this, you’re already ahead. Stay there with our newsletter.