A wave of fraudulent Google advertisements mimicking the decentralized exchange Uniswap has siphoned at least $400,000 from unsuspecting cryptocurrency users. The scam, which relied on paid search ads that appeared identical to the real Uniswap platform, redirected victims to lookalike websites designed to steal wallet credentials and funds.
How the fake ads worked
Scammers bought Google Ads placements that displayed the Uniswap brand name, logo, and official-looking URL in search results. When users clicked these ads, they were taken to websites that closely replicated Uniswap’s interface but were controlled by the attackers. Victims who connected their wallets or entered private keys handed over access to their crypto holdings. The stolen amount — at least $400,000 — reflects confirmed losses reported by affected users, though the actual figure may be higher.
Why the scam succeeded
The ads exploited the trust users place in sponsored search results. Google’s ad system allows advertisers to bid on trademarked terms like “Uniswap,” and the scammers used that permission to push fraudulent links to the top of search pages. Many victims assumed the top result was legitimate because it carried the official Uniswap name and a verified badge — a detail that can be faked in ad copy. The tactic is not new, but the scale of this particular operation caught the crypto community's attention because of the direct financial damage.
What Uniswap users should watch for
The scam highlights a persistent vulnerability in how even careful users interact with web-based crypto platforms. Anyone searching for a decentralized exchange should double-check the destination URL before connecting a wallet. Hovering over an ad link often reveals the true domain — a string of characters that doesn’t match the real site. The legitimate Uniswap interface runs on app.uniswap.org; any variation, such as a different top-level domain or a typo-squatted name, is likely fraudulent. Security forums have also advised users to bookmark official sites rather than relying on search engine results.
Authorities have not publicly named suspects in the operation, and the scammers remain unidentified. The stolen funds have likely been moved through mixers or other obfuscation tools, making recovery difficult. For now, the burden falls on individual users to verify every link before clicking — a lesson that cost at least $400,000 in this case alone.




