Hackers stole over $400,000 from crypto users through fake Uniswap Google ads that appeared above links to legitimate websites.
Hackers used Google Ads to impersonate Uniswap, stealing over $400,000.
A wave of phishing attacks impersonating the Uniswap DEX using Google Ads is causing a stir in the crypto community after hackers allegedly stole at least $400,000 from numerous victims by paying to have their fake websites appear in the "Sponsored" section of Google Search, even appearing above the official Uniswap website when users search.
According to a post by an account named "b- Block" on May 26th, a fake Uniswap DEX website appeared in the "Sponsored" section of Google Search, stealing funds from various wallets.
This account indicates that wallet addresses associated with this scheme currently hold at least 146 ETH, equivalent to approximately $306,000 according to Etherscan data at the time this article was Chia . The total amount of stolen assets is believed to have exceeded $400,000.
In addition, well-known crypto KOL Stacy Muur also warned that many users have reported losing assets after accessing these fake Uniswap DEX exchange advertisements.
Stacy Muur also posted screenshots showing that this phishing website was displayed by Google in the "Sponsored" position, even above the official Uniswap link. She stated:
"It's insane that Google has ignored this issue all this time, allowing fake links to constantly appear on legitimate websites while users are being drained of their resources."
Google Ads is becoming a new phishing weapon for hackers.
According to defillama, fake Google ads have now become one of the most common methods for phishing scams in the crypto market.
In a report published in April 2026, the crypto security organization Security Alliance (SEAL) Chia that the number of phishing attacks via Google Search has increased sharply since March of this year.
Between March 13th and March 30th alone, these types of phishing attacks caused crypto users to lose a total of approximately $1.27 million.
The organization said it has blocked more than 356 malicious advertising links related to Google Ads over the past year. However, SEALs warned that the new wave of phishing shows no sign of slowing down and the number of victims continues to rise.
Statistics from SEALs show that Uniswap is currently the most frequently impersonated protocol by hackers, with 144 phishing links, accounting for approximately 41% of the 352 fake crypto project websites recorded. Following closely behind is Morpho Finance with 110 fake links, and PancakeSwap in third place with 23 links.
Scamming groups often pay for Google Ads themselves to promote their fake websites, or hack legitimate advertising accounts to bypass Google's review system.
Then, they will spend more money than legitimate crypto projects on advertising their phishing websites. As a result, these links will be prioritized by Google and displayed at the top of the "Sponsored" list when users search for keywords like Uniswap, MetaMask, or major crypto exchange .
The danger is that these fake websites are now made to look almost identical to the real websites of crypto projects, making it very difficult for users to realize they are accessing phishing links.
Furthermore, the attackers even used seemingly legitimate links to bypass Google's automated verification system. Meanwhile, the actual malware was hidden inside a concealed iframe, making it virtually undetectable by Google.
When users access a fake website and connect their crypto wallet, their data is silently transferred to servers controlled by hackers. From there, they can inject malware to steal wallet access and withdraw all of the user's assets without the user's knowledge.
