A phishing campaign impersonating the decentralized exchange (DEX) platform Uniswap has reportedly stolen at least US$400,000 from crypto users through fake Google ads. The scheme exploits sponsored ads displayed in Google search results, directing victims to counterfeit Uniswap websites designed to steal wallet access and digital assets.

The warning was issued by on-chain analyst b-block, who revealed that the attackers had accumulated significant funds from users who were unaware they were accessing phishing websites. According to Stacy Muur, founder of Web3 marketing agency Green Dots, most victims came from users who clicked sponsored links appearing at the top of Google search results.

Phishing Campaign Uses Fake Uniswap Websites

Based on reports circulating within the crypto security community, the attackers created websites closely resembling Uniswap’s official interface. These fake sites were then promoted through Google Ads to appear at the top of search results.

Once users entered the fake site and connected their wallets, the attackers allegedly prompted malicious transaction approvals or stole seed phrases entered by victims. In several cases, victims’ assets were drained within minutes after connecting their wallets.

Stacy Muur explained that this method remains effective because many users still rely on Google Search to access popular crypto protocols. According to her, sponsored ads often appear more convincing than regular organic links.

Crypto Phishing Attacks Have Increased Since March

The Security Alliance (SEAL) had previously warned that Google Search-based phishing campaigns have surged sharply since March 2026. Attackers are reportedly using two primary methods: directly purchasing Google ads or compromising legitimate advertiser accounts to disguise their operations.

According to SEAL, the primary targets are popular crypto protocols such as wallets, crypto exchanges, and DeFi applications with large user bases. In some cases, phishing sites even use domains that closely resemble official websites, making them difficult for inexperienced users to identify.

Security analysts believe the rise in these attacks highlights how phishing has become one of the biggest threats in the crypto sector, especially as market activity and user participation continue to grow.

Impact on the Ecosystem and Risks for DeFi Users

This incident once again highlights the weak security practices among retail users in the decentralized finance (DeFi) ecosystem. Although protocols like Uniswap were not directly hacked, attackers exploited vulnerabilities on the user side through social engineering and manipulated digital advertising.

Phishing cases like this could also damage user trust in DeFi applications, particularly among newcomers who may not yet be accustomed to verifying official domains before connecting their wallets.

Several analysts recommend that users always access crypto platforms through official bookmarks, avoid clicking sponsored ads, and use additional security tools such as burner wallets or approval checkers to minimize the risk of asset theft.

Conclusion

The growing number of phishing attacks conducted through fake Google ads shows that security threats in the crypto industry no longer come solely from smart contract exploits, but also from the manipulation of user behavior. With reported losses already reaching at least US$400,000, this case serves as another reminder that verifying domains and remaining cautious when connecting wallets are essential steps in protecting digital assets.