TL;DR:
- Scammers deployed fake ads on Google Search impersonating Uniswap and stole at least $400,000 in funds from unsuspecting users.
- Two identified addresses held around 146 ETH valued at approximately $306,000, according to Etherscan data.
- Security Alliance blocked over 356 malicious links and warned that the campaign has been active for more than a year with no signs of stopping.
An on-chain analyst identified as “b-block” warned via X that scammers had deployed fake paid ads on Google Search to impersonate the decentralized protocol Uniswap, successfully stealing funds from multiple wallets. According to the post, the attackers accumulated at least $400,000 in stolen assets from unsuspecting users.
Stacy Muur, founder of the marketing agency Web3 Green Dots, confirmed the mechanism used: a sponsored ad on Google that mimicked Uniswap’s official interface. Muur shared a screenshot of the promoted result and directly questioned the platform’s responsibility. “It’s insane that Google has ignored this problem for years while fake links keep appearing above the real ones and users keep getting scammed,” she stated.
Community alert:
A website impersonating Uniswap is draining funds from multiple wallets.
The scammers are currently holding at least ~$400,000.
0x37925684BA178821b4436E06e67f5dBD6cfA49Bb
0x2fC25F46cC49D226eF92E9A7665f3d2821F3c5E2
Please only use official links, and…
— b-block (@b_block_oficial) May 25, 2026
Google Takes No Action Against the Scammers
The aggregator DeFiLlama noted that fake ads on Google represent a recurring source of phishing attacks. In April, the nonprofit group Security Alliance (SEAL) reported a considerable spike in phishing activity through the search engine during the month of March. The organization explained that attackers either pay Google directly or compromise legitimate advertiser accounts to publish convincing ads impersonating popular crypto protocols. In the sponsored results section, scammers outbid real exchanges and protocols to occupy the most visible positions.
SEAL blocked more than 356 malicious advertising links, a figure that, as the organization noted, “is representative of a sustained volume of Google ads deployed by attackers every week for more than a year.” Between March 13 and 30, funds stolen through this method reached $1.27 million in total.
Phishing Bypasses Automated Filters
Technically, the fraudulent ads use legitimate-looking URLs to bypass Google’s automated controls. A hidden secondary iframe loads the malicious payload without being detected. Victims land on convincing clones of real crypto applications, while all network traffic is covertly routed through servers controlled by the attackers.
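One way a defender could triage a suspect landing page for the hidden-iframe pattern described above (an added example, not code from the article or from SEAL; the domains, the sample HTML and the function name `hidden_cross_origin_iframes` are constructed for illustration). It reads only inline attributes and compares hostnames, so iframes hidden through stylesheets or injected by script need a rendered DOM instead.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Inline styles that make an element invisible to the visitor.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.IGNORECASE,
)

class IframeAudit(HTMLParser):
    """Collects iframes that are both invisible and served from another host."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Resolve relative and protocol-relative src values against the page.
        src = urljoin(self.page_url, a.get("src", ""))
        host = urlparse(src).hostname
        hidden = (
            "hidden" in a
            or a.get("width") in ("0", "1")
            or a.get("height") in ("0", "1")
            or bool(HIDDEN_STYLE.search(a.get("style", "")))
        )
        if hidden and host is not None and host != self.page_host:
            self.findings.append(src)

def hidden_cross_origin_iframes(html, page_url):
    audit = IframeAudit(page_url)
    audit.feed(html)
    return audit.findings

# Constructed sample: two benign frames, two hidden cross-host frames,
# and one hidden same-host frame that should not be reported.
SAMPLE_URL = "https://landing.example/swap"
SAMPLE_HTML = """<html><body>
<iframe src="/widget/chart"></iframe>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="https://payload.example/app" style="display:none"></iframe>
<iframe src="//cdn-payload.example/x" width="1" height="1"></iframe>
<iframe src="/local" hidden></iframe>
</body></html>"""
```
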
The phenomenon extends beyond Google. Malwarebytes reported in February that scammers were also running paid ads on Facebook simulating official promotions from Microsoft, redirecting users to near-perfect replicas of the Windows 11 download page in order to deploy malware aimed at stealing cryptocurrencies and credentials.





