Google Search Scammers Drain Over $400K Through Fraudulent Uniswap Advertisements

Table of Contents Cybercriminals have orchestrated a sophisticated advertising campaign on Google Search that mimics Uniswap, a widely-used decentralized cryptocurrency platform. This fraudulent operation has successfully drained a minimum of $400,000 from unsuspecting victims who interacted with the deceptive advertisements. Scammers Steal at Least $400K Through Fake Uniswap Google Ads On-chain analyst b-block warned that fake Google ads impersonating Uniswap are stealing user funds, with attackers having obtained at least $400,000 so far. Stacy Muur, founder of Web3 marketing agency Green Dots,… pic.twitter.com/QPfjtV0oUi — Wu Blockchain (@WuBlockchain) May 26, 2026 Blockchain researcher known as “b-block” raised alarm bells on X, cautioning that a counterfeit Uniswap platform was systematically emptying funds from numerous digital wallets. Stacy Muur, who leads the Web3 marketing firm Green Dots, corroborated these findings and published evidence showing the fraudulent sponsored listing appearing prominently on Google. “The fact that Google has allowed this problem to persist for years while fraudulent links consistently rank above legitimate ones and victims continue losing money is absolutely unacceptable,” Muur stated. According to Etherscan records, two wallet addresses marked as suspicious contained approximately 146 ETH, representing about $306,000 in value when documented. The perpetrators employ one of two strategies: either purchasing Google Ads accounts outright or compromising existing legitimate advertiser profiles. They subsequently launch deceptive advertising campaigns that outbid authentic cryptocurrency platforms for premium positioning in the “Sponsored results” segment of Google Search. These advertisements utilize convincing URLs designed to circumvent Google’s automated verification processes. An invisible secondary iframe subsequently loads the harmful code, which remains undetectable by Google’s monitoring infrastructure. Upon clicking these advertisements, victims are redirected to meticulously crafted replicas of genuine crypto applications. Every network communication is covertly redirected through infrastructure controlled by the attackers, facilitating the theft of wallet contents. DeFiLlama verified that fraudulent Google advertisements represent a prevalent phishing technique within cryptocurrency circles. SEAL (The Security Alliance), a nonprofit organization focused on crypto security, documented a significant surge in these attacks throughout March. According to SEAL, they successfully blocked more than 356 malicious advertising links, characterizing it as “a consistent influx of attacker-deployed Google Ads weekly for over a year.” The organization emphasized that the offensive shows no indication of diminishing and that additional victims continue coming forward with reports. During the period spanning March 13 to 30 exclusively, cumulative financial losses through these tactics amounted to $1.27 million. This security challenge transcends any individual platform. During early May, threat actors leveraged Google Ads alongside shared conversations from Anthropic’s Claude AI assistant to execute a malvertising operation specifically designed to compromise Mac users. Cybersecurity company Malwarebytes additionally identified Facebook as a significant distribution channel for fraudulent advertisements. In February, the firm documented scammers purchasing Facebook ad space to create convincing imitations of official Microsoft promotional materials. Those unfortunate victims were directed to remarkably accurate duplicates of the Windows 11 download interface, where malicious software engineered to extract cryptocurrency assets and authentication credentials was deployed onto their systems. This recurring pattern demonstrates that cybercriminals are exploiting major advertising networks to execute persuasive scams targeting both cryptocurrency enthusiasts and mainstream software consumers. Neither Google, Meta, nor other affected platforms have issued comprehensive public responses addressing the magnitude of these fraudulent campaigns.