A phishing campaign impersonating Uniswap through Google Search sponsored ads caused more than $400,000 in losses, according to an alert published by on-chain analysts on May 25, 2026. The scheme used a copy of the official website to trick users into granting permissions that allowed funds to be drained from their wallets.
The alert was initially disseminated by researcher @b-block, who identified two wallets associated with the attackers that had accumulated stolen funds. The addresses shown are 0x37925684BA178821b4436E06e67f5dBD6cfA49Bb and 0x2fC25F46cC49D226eF92E9A7665f3d2821F3c5E2. Their balances are close to $179,000 and $204,000, respectively, between Ether and USDC.
Among the victims is an operator named @ika_xbt. He claimed to have lost his entire portfolio, worth more than $400,000, after entering a fake version of Uniswap promoted through Google ads.
What stands out about the attack is that no protocol vulnerabilities or smart contract flaws were exploited. The mechanism was much simpler: the attackers bought ads associated with the word “Uniswap” and were able to place the cloned page above the legitimate link.
Once inside, the interface showed almost the same design as the original. Users connected their wallets, began seemingly normal operations, and ended up signing malicious spending authorizations. Once an authorization was approved, the contract gained sufficient access to transfer assets from the compromised wallet.
This model, known as malvertising, has become one of the main fraud vectors against decentralized finance users. The tactic combines paid advertising, social engineering, and excessive permissions, so the attackers never need to compromise the protocol’s technical infrastructure.
The situation also reignited criticism of Google and other search platforms. Uniswap founder Hayden Adams once again questioned the existence of deceptive advertising related to the protocol. He criticized the lack of strong measures to stop this type of campaign.
For now, on-chain researchers and monitoring platforms continue to track the movements of the identified wallets, while the community recommends the following: validate links using tools like DeFiLlama, use your saved bookmarks, and carefully review each permission request before signing.
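One way to apply the "review each permission request before signing" advice, as an added example that is not part of the original article. It assumes the malicious authorizations took the form of standard ERC-20 `approve`/`increaseAllowance` or NFT `setApprovalForAll` calls, which the article does not specify; the function names, the allowlist, and the sample addresses are hypothetical.

```python
# Added example: flag token-approval calls in transaction calldata before signing.
# Selectors are the standard ERC-20/ERC-721/ERC-1155 ones; every address and
# calldata string here is constructed for illustration.
APPROVALS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
UNLIMITED = 2**255  # amounts this large are effectively "spend everything"


def review_calldata(calldata_hex, trusted_spenders):
    """Describe the approval carried by calldata; None if it is not an approval."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    name = APPROVALS.get(data[:8])
    if name is None:
        return None
    args = data[8:]
    if len(args) < 128:
        raise ValueError("truncated approval calldata")
    if int(args[:24], 16) != 0:
        raise ValueError("non-zero padding in address argument")
    spender = "0x" + args[24:64]
    value = int(args[64:128], 16)
    grants = value != 0  # zero amount / false flag is a revocation
    unlimited = grants and (name.startswith("setApprovalForAll") or value >= UNLIMITED)
    trusted = spender in {s.lower() for s in trusted_spenders}
    if not grants:
        verdict = "ok"  # revoking access is safe to sign
    elif not trusted:
        verdict = "block"  # spender is not on the user's allowlist
    elif unlimited:
        verdict = "warn"  # known spender, but the allowance has no cap
    else:
        verdict = "ok"
    return {"call": name, "spender": spender, "value": value,
            "unlimited": unlimited, "verdict": verdict}


def build_call(selector, spender, value):
    """Helper for the sample data: ABI-encode (address, uint256) after a selector."""
    return "0x" + selector + spender[2:].rjust(64, "0") + format(value, "064x")


TRUSTED = "0x" + "22" * 20  # constructed stand-in for a router the user verified
UNKNOWN = "0x" + "11" * 20  # constructed stand-in for a spender set by a cloned site

if __name__ == "__main__":
    print(review_calldata(build_call("095ea7b3", UNKNOWN, 2**256 - 1), [TRUSTED]))
```

A cloned front end can change everything the user sees except the calldata the wallet is asked to sign, which is why the check works on the spender and amount rather than on the page.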
Security organization SEAL (Security Alliance) has warned of a continued increase in phishing campaigns related to search engine advertising since March 2026. According to its records, between March 13 and 30 it blocked over 356 malicious links related to this type of operation. Meanwhile, reported losses in that short period amounted to approximately $1.27 million.
The episode adds to a series of recent warnings about phishing in the cryptocurrency ecosystem. In early 2026, CriptoNoticias reported a campaign targeting MetaMask users that simulated a fake authentication process to steal seed phrases.
Meanwhile, according to a report by security firm Scam Sniffer, phishing losses on Ethereum dropped to about $84 million in 2025. At the same time, more sophisticated vectors emerged: after Pectra incorporated EIP-7702, it became possible for multiple malicious actions to be hidden within a single signature.
This episode goes beyond one or more specific cases and illustrates a relevant change in the security landscape. Risk is no longer focused only on technical failures and exploits, but also on the access layer. Search engines, ads, and cloned pages are priority targets for attackers. This could lead to new verification measures in wallets, automated filters for fraudulent domains, and further regulatory pressure on advertising of financial services related to cryptocurrencies.

