Overview
- The phishing ads surfaced in late May and have been traced to scams that together drained at least $400,000 from users, with one reported victim losing more than $400,000 and two attacker-controlled wallets holding about 146 ETH.
- Attackers buy or hijack Google Ads for the keyword “Uniswap,” place near-perfect clones of the exchange, and route traffic through hidden elements so victims who connect wallets and approve a single transaction hand attackers immediate access to funds.
- The nonprofit Security Alliance (SEAL) said it blocked more than 356 malicious ad links and estimated roughly $1.27 million was stolen in a March 13–30 surge, showing the same ad-based playbook has run for months.
- Community leaders including Uniswap founder Hayden Adams and Web3 researchers have publicly urged major ad platforms to act, while Google and other platforms have not published a broad public remedy for the campaign.
- Because blockchain transactions are irreversible, victims cannot recover funds once approved; experts recommend bookmarking official protocol URLs, avoiding sponsored crypto search results, and carefully verifying every transaction before signing.