Google Ad Scammers Drain Over $400K from Crypto Users Through Fake Uniswap Sites

Table of Contents Cybercriminals have orchestrated a sophisticated advertising campaign on Google Search that imitates Uniswap, a widely-used decentralized cryptocurrency exchange. This fraudulent operation has successfully stolen a minimum of $400,000 from unsuspecting users who accessed the deceptive links. Scammers Steal at Least $400K Through Fake Uniswap Google Ads On-chain analyst b-block warned that fake Google ads impersonating Uniswap are stealing user funds, with attackers having obtained at least $400,000 so far. Stacy Muur, founder of Web3 marketing agency Green Dots,… pic.twitter.com/QPfjtV0oUi — Wu Blockchain (@WuBlockchain) May 26, 2026 Blockchain security analyst “b-block” raised the alarm on X, cautioning that a counterfeit Uniswap platform was siphoning cryptocurrency from numerous wallets. Stacy Muur, who founded Web3 marketing firm Green Dots, verified the assault and published a screenshot displaying the fraudulent sponsored listing on Google. “The fact that Google has allowed this problem to persist for years while counterfeit links continue appearing above legitimate ones and users continue losing funds is absolutely unacceptable,” Muur stated. According to Etherscan records, two identified wallet addresses contained approximately 146 ETH, representing about $306,000 in value at the moment of analysis. The perpetrators either purchase Google Ads legitimately or compromise existing advertiser accounts. They subsequently launch fraudulent advertisements that surpass authentic crypto platforms for premium placement in the “Sponsored results” area of Google Search. The advertisements employ authentic-looking URLs to circumvent Google’s automated screening processes. A concealed secondary iframe subsequently loads the harmful code, which remains invisible to Google’s detection systems. After clicking, victims arrive at nearly identical replicas of genuine crypto applications. All internet traffic is discreetly redirected through servers controlled by attackers, enabling the theft of wallet funds. DeFiLlama verified that fraudulent Google advertisements represent a prevalent phishing technique within cryptocurrency circles. The Security Alliance (SEAL), a cryptocurrency nonprofit organization, documented a significant increase in this attack variant during March. SEAL reported intercepting more than 356 dangerous advertising links, describing it as “a consistent volume of attacker-launched Google Ads appearing weekly for over a year.” The organization emphasized that the campaign shows no signs of diminishing and that additional users continue reporting victimization. During the period from March 13 through 30 exclusively, total stolen funds through these tactics amounted to $1.27 million. This security challenge affects multiple platforms. During early May, cybercriminals leveraged Google Ads alongside shared conversations from AI assistant Claude to execute a malvertising operation directed at Mac users. Cybersecurity company Malwarebytes additionally identified Facebook as a significant platform for deceptive advertisements. In February, the firm documented scammers purchasing Facebook ads designed to resemble official Microsoft announcements. Those targets were redirected to highly accurate duplicates of the Windows 11 download website, where malicious software engineered to extract cryptocurrency and authentication credentials was deployed onto their systems. The evidence demonstrates that cybercriminals are exploiting mainstream advertising platforms to execute persuasive scams targeting both cryptocurrency services and conventional software products. Google, Meta, and comparable platforms have not issued public communications acknowledging the magnitude of these operations.