Fraudsters Steal $400K via Counterfeit Uniswap Advertisements on Google
Cybercriminals operating fraudulent Google Search advertisements disguised as Uniswap have successfully stolen $400,000 from cryptocurrency wallets, with DeFiLlama identifying this method as "a common source of phishing attacks."
On-chain investigator "b-block" shared information on X this past Monday revealing that a fraudulent site masquerading as the decentralized finance platform Uniswap was siphoning cryptocurrency from numerous wallets, with the perpetrators possessing no less than $400,000 in stolen assets.
It's insane that Google has ignored this issue for years while fake links keep getting pushed above real ones and users keep getting drained.
Stacy Muur
According to Etherscan data, the two identified wallet addresses contained a total of 146 ETH valued at approximately $306,000 at the time this information was gathered.
According to DeFiLlama, "fake ads on Google are a common source of phishing attacks." The Security Alliance (SEAL), a non-profit organization focused on cryptocurrency security, disclosed in April that there had been a "significant uptick" in Google search phishing operations during the month of March.
The fraudulent advertisements employed URLs that appeared legitimate enough to circumvent Google's automatic verification systems, while simultaneously deploying a concealed secondary iframe that loaded the harmful payload, which also remained undetected by Google's security measures.
Those who fell victim to the scheme arrived at highly convincing replicas of authentic crypto applications, with all internet traffic being covertly redirected through servers under the attackers' control, SEAL explained, noting that a total of $1.27 million in funds were misappropriated during the period spanning March 13 through 30.
During the beginning of May, reports emerged that threat actors were exploiting Google Ads alongside legitimate shared conversations from the AI chatbot Claude as part of an ongoing "malvertising" operation that specifically targeted Mac users.
According to Malwarebytes, Facebook has similarly become a breeding ground for fraudulent advertisements and scam operations, with the security firm documenting in February that bad actors were purchasing paid advertisements designed to appear as official Microsoft promotional content.
Those targeted by the scheme were led to nearly flawless duplicates of the Windows 11 download webpage, where malicious software specifically engineered to extract cryptocurrency and login credentials was installed on their systems.