Key Highlights
- Fraudulent advertisements mimicking Uniswap on Google Search have resulted in the theft of at least $400,000 from cryptocurrency holders
- Blockchain investigators identified two suspicious wallet addresses containing approximately 146 ETH, valued at roughly $306,000
- The Security Alliance (SEAL) successfully prevented access to more than 356 dangerous advertising links, while $1.27 million was stolen during March 13–30
- Cybercriminals evade Google’s automatic verification systems through authentic-appearing URLs combined with concealed iframes
- Deceptive cryptocurrency advertisements have persisted as an ongoing threat for more than twelve months without decline
Cybercriminals have orchestrated a sophisticated advertising campaign on Google Search that imitates Uniswap, a widely-used decentralized cryptocurrency exchange. This fraudulent operation has successfully stolen a minimum of $400,000 from unsuspecting users who accessed the deceptive links.
Blockchain security analyst “b-block” raised the alarm on X, cautioning that a counterfeit Uniswap platform was siphoning cryptocurrency from numerous wallets. Stacy Muur, who founded Web3 marketing firm Green Dots, verified the assault and published a screenshot displaying the fraudulent sponsored listing on Google.
“The fact that Google has allowed this problem to persist for years while counterfeit links continue appearing above legitimate ones and users continue losing funds is absolutely unacceptable,” Muur stated.
According to Etherscan records, two identified wallet addresses contained approximately 146 ETH, representing about $306,000 in value at the moment of analysis.
Anatomy of the Scam Operation
The perpetrators either purchase Google Ads legitimately or compromise existing advertiser accounts. They then launch fraudulent advertisements that outrank authentic crypto platforms for premium placement in the “Sponsored results” area of Google Search.
The advertisements employ authentic-looking URLs to circumvent Google’s automated screening processes. A concealed secondary iframe subsequently loads the harmful code, which remains invisible to Google’s detection systems.
After clicking, victims arrive at nearly identical replicas of genuine crypto applications. All internet traffic is discreetly redirected through servers controlled by attackers, enabling the theft of wallet funds.
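A defender-side check for the concealment described above, as an added example that is not part of the original article: it statically flags iframes that are both invisible and loaded from a different origin than the landing page. The URLs, the sample HTML and the hiding heuristics are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Heuristic (assumption): inline styles that make a frame invisible to a visitor.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(\.0+)?\s*(;|$)"
    r"|(?<![\w-])(width|height)\s*:\s*[01](px)?\s*(;|$)", re.I)

def origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)  # compared as a tuple

class IframeAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = urljoin(self.page_url, a.get("src", ""))  # resolve relative src
        reasons = []
        if "hidden" in a:
            reasons.append("hidden attribute")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("invisible inline style")
        if a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
            reasons.append("zero-size attribute")
        # Report only frames that are concealed AND cross-origin to the page.
        if reasons and origin(src) != origin(self.page_url):
            self.findings.append({"src": src, "reasons": reasons})

def find_concealed_iframes(html, page_url):
    audit = IframeAudit(page_url)
    audit.feed(html)
    return audit.findings

# Constructed sample: one visible same-origin frame and one invisible
# frame pulling content from a different origin.
SAMPLE_URL = "https://landing.example/app"
SAMPLE_HTML = """<html><body><h1>Swap</h1>
<iframe src="/widget.html" width="600" height="400"></iframe>
<iframe src="https://other-origin.example/frame.html" style="width:0;height:0;opacity:0"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(find_concealed_iframes(SAMPLE_HTML, SAMPLE_URL))
```

Frames injected by script at runtime do not appear in static HTML, so covering them means running the same check against the rendered DOM in a headless browser.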
DeFiLlama verified that fraudulent Google advertisements represent a prevalent phishing technique within cryptocurrency circles. The Security Alliance (SEAL), a cryptocurrency nonprofit organization, documented a significant increase in this attack variant during March.
SEAL reported intercepting more than 356 dangerous advertising links, describing it as “a consistent volume of attacker-launched Google Ads appearing weekly for over a year.” The organization emphasized that the campaign shows no signs of diminishing and that additional users continue reporting victimization.
From March 13 through 30 alone, funds stolen through these tactics totaled $1.27 million.
The Threat Extends Beyond Uniswap
This security challenge affects multiple platforms. During early May, cybercriminals leveraged Google Ads alongside shared conversations from AI assistant Claude to execute a malvertising operation directed at Mac users.
Cybersecurity company Malwarebytes additionally identified Facebook as a significant platform for deceptive advertisements. In February, the firm documented scammers purchasing Facebook ads designed to resemble official Microsoft announcements.
Those targeted were redirected to highly accurate duplicates of the Windows 11 download website, where malicious software engineered to steal cryptocurrency and authentication credentials was deployed onto their systems.
The evidence demonstrates that cybercriminals are exploiting mainstream advertising platforms to execute persuasive scams targeting both cryptocurrency services and conventional software products. Google, Meta, and comparable platforms have not issued public communications acknowledging the magnitude of these operations.



