TL;DR
- Incident Summary: Aave surpassed $60 billion in net deposits only to face a large-scale phishing campaign delivered via malicious Google Ads impersonating the protocol’s official investment portals.
- Attack Vector: Scammers purchased top Google search ads leading to fake Aave domains that prompt users to connect wallets and grant transaction approvals, risking irreversible loss of all assets.
- Safety Measures: Investors are urged to verify URLs, bookmark official platforms, transfer compromised funds to secure addresses, and revoke approvals using services such as Revoke.cash to limit phishing damage.
Aave, the decentralized liquidity protocol, marked a significant milestone of $60 billion in net deposits on Wednesday. Yet, just a day later, investors received warnings about a widespread phishing campaign being conducted via Google Ads. According to security researchers at PeckShield, malicious ads impersonated official Aave investment sites to trick users into linking crypto wallets to fraudulent platforms. This rapid shift from celebration to caution underscores the persistent vulnerabilities in DeFi.
#PeckShieldAlert Fake "Aave" ads are topping Google search results.
The phishing site is aaxe[.]co[.]com.
The ads are designed to drain your wallet through malicious transaction signatures. pic.twitter.com/LdVHMflFAT
— PeckShieldAlert (@PeckShieldAlert) August 7, 2025
Record Net Deposits Milestone
Aave was the first DeFi protocol to reach $60 billion in net deposits across fourteen networks, which is three times more than in August 2024. According to Token Terminal data, it grew from $18 billion last year to this new record. Token Terminal data shows growth from $18 billion a year ago to this new high. The milestone reflects strong demand for permissionless lending and borrowing services and cements Aave’s position at the forefront of decentralized finance innovation.
Sophisticated Google Ads Phishing Campaign
On Thursday, blockchain investigation firm PeckShield raised the alarm about an active phishing campaign propagated through Google Ads. Fraudsters bought ad spots that showed up at the top of search results for Aave, leading users to counterfeit websites that looked like the real protocol interface. These deceptive ads were difficult to distinguish from official links and leveraged the trust users place in top search rankings.
Security analysts emphasize that this attack demonstrates how threat actors are increasingly targeting advertising platforms to gain legitimacy. Immediate community alerts followed. Definitive takedowns remain challenging.
Risks and Potential Losses for Users
Once an investor clicks a malicious ad, the fake site prompts wallet connection and requests transaction approvals. Granting these permissions can allow scammers to access and drain all assets in the wallet since blockchain transactions are irreversible. Although precise losses have not been confirmed, the high reach of Google Ads suggests substantial risk to both retail and institutional participants.
Best Practices to Stay Safe
Users should always verify website URLs before interacting and bookmark official platforms for easy access. If a wallet has been compromised, transferring assets immediately to a secure address and revoking approvals at services like Revoke.cash can limit damage. Enabling hardware wallets and avoiding unknown third-party links also reduces exposure to phishing threats.
