A phishing site impersonating Uniswap drained roughly $400,000 from multiple wallets this month. On-chain investigator b-block identified two attacker-controlled addresses — 0x37925684BA178821b4436E06e67f5dBD6cfA49Bb and 0x2fC25F46cC49D226eF92E9A7665f3d2821F3c5E2 — linked to the scam. The incident comes as the FBI's latest Internet Crime Report shows crypto-related fraud hit $11.36 billion in 2025, a 22% jump from the year before.
How the scam worked
The fake Uniswap site tricked users into connecting their wallets and signing malicious transactions. Once approved, the attacker's contract swept funds. It's a classic signature phishing play, but it still works. Blockchain security firm Scam Sniffer reported $6.27 million lost to similar signature phishing attacks in January 2026 alone. Crypto phishing and spoofing accounted for 7,164 complaints and over $111 million in losses in the FBI's 2025 data.
FBI data paints a grim picture
The FBI logged 181,565 cryptocurrency-related complaints in 2025. That's a record. Losses climbed 22% from 2024, reaching $11.36 billion. The report doesn't break down every type of scam, but phishing and spoofing are clearly a persistent slice of the pie. The agency's numbers likely undercount actual losses — many victims never file a report.
Ongoing fight against phishing
Uniswap founder Hayden Adams has been vocal about the problem. In February 2026, he criticized phishing scams and said the team has been fighting them for years. He also pointed to delays in Apple's App Store approvals for official Uniswap apps, which he argued leaves users more vulnerable to fake versions. Scam Sniffer's January report on signature phishing shows the trend hasn't slowed.
Staying safe
Security guidance remains the same. Revoke unused token approvals. Double-check URLs before confirming any transaction. And avoid clicking sponsored search results when looking for DeFi protocols — scammers buy those ads. Uniswap's official domain is uniswap.org. If you're not sure, don't sign.
The attacker's wallets are still active. Law enforcement hasn't announced any arrests. For now, the best defense is a cautious user.
