Scammers pocketed more than $400,000 by running fake Uniswap advertisements on Google Search, the latest phishing campaign to target users of decentralized finance platforms. The ads mimicked the real Uniswap interface, tricking visitors into handing over wallet credentials and funds.
How the scam worked
The attackers bought search ads that appeared when users looked for Uniswap, a popular decentralized exchange. Clicking the ad led to a look-alike site that asked for private keys or seed phrases. Once entered, the scammers drained the wallets. The total loss exceeded $400,000, according to reports tracking the wallet addresses used in the heist.
Google's ad platform has been a recurring vector for crypto phishing. The company vets advertisers, but scammers often slip through by using slightly altered domains and convincing landing pages. This time they impersonated Uniswap, which hasn't released its own mobile app or used certain ad copy that the fakes displayed.
A security blind spot in DeFi
The incident underscores a gap in how decentralized finance projects communicate with users. Uniswap itself can't remove fake ads — only Google can. That leaves users to rely on their own vigilance, a weak defense when search ads carry an implicit seal of trust. The DeFi space, built on code and smart contracts, still depends on centralized platforms like Google and Apple for distribution.
Security researchers have long warned that search-engine phishing is one of the easiest ways to steal from crypto holders. A wallet drained through a fake site leaves no transaction to reverse, no customer support to call. The $400,000 figure represents just one known wallet; the actual haul may be larger.
What users can do — and what's not being done
Basic precautions help: bookmark the real URL, don't click search ads for financial sites, and never enter a seed phrase into any website. But those steps rely on user discipline, not system-level protection. Google has not commented on this specific campaign, and Uniswap hasn't announced any new verification measures. The ads stayed up long enough to cause the damage.
The broader question — how to make search ads safe for DeFi users — remains open. Regulators have yet to set rules for ad platforms that host crypto promotions. Until they do, similar scams are almost certain to repeat.
