Google searches fake ads stealing $400k! Uniswap impersonation, $1.27 million stolen in two weeks in March

On-chain analysts discover that fake Uniswap ads are ranking in Google search results, stealing at least $400k (about 146 ETH). Cybersecurity organization SEAL states that phishing activities on Google searches increased significantly in March, with $1.27 million stolen in just two weeks.
(Background summary: Uniswap announced the launch of version V4 this year. What core changes will the new upgrade bring?)
(Additional background: $2.1 billion stolen in half a year! Security report: Hackers are shifting focus from smart contracts to regular users. Four tips to protect your crypto assets.)

On-chain analyst b-block pointed out in a X post on Monday that a fake website impersonating the decentralized cryptocurrency exchange Uniswap is stealing funds from multiple wallets, with confirmed stolen amount at least $400k.

Web3 marketing firm Green Dots co-founder Stacy Muur confirmed on X that these funds were stolen through phishing ads on Google search, sharing screenshots of paid ads in search engines. She emphasized, “Google has ignored this problem for years, with fake links constantly ranking above legitimate ones, and users’ funds are being stolen like this.”

According to Etherscan data, two flagged addresses hold a total of 146 ETH, worth about $306k.

Google search phishing surges in March, stealing $1.27 million in two weeks

Cryptocurrency data platform DeFiLlama states, “Fake ads on Google are a common source of phishing attacks.” Non-profit crypto organization Security Alliance (SEAL) released a report in April indicating that phishing activities on Google search saw a “significant increase” in March.

SEAL notes that attackers operate these fake ads by paying for placement or hacking legitimate ad accounts, disguising them as popular protocols, and outbidding real protocols in Google’s “sponsored results” section. These phishing ads use seemingly normal URLs to evade Google’s automatic detection, while hidden iframes load malicious code that Google’s detection systems cannot see.

Victims clicking on these ads are directed to realistic copycat pages of crypto applications, with all web traffic secretly rerouted to servers controlled by attackers. SEAL reports that from March 13 to 30, a total of $1.27 million was stolen. As of the report’s release, SEAL has blocked over 356 malicious ad links.

SEAL warns, “There are no signs of this attack slowing down. We continue to receive reports from affected users.”

Not just cryptocurrencies: Fake ads have spread to other fields

Besides crypto protocols, Google ads are also used to promote malware. A report in early May showed that attackers used Google ads and AI chatbot Claude’s shared conversations to launch “malicious ad” campaigns targeting Mac users.

Facebook is also heavily affected by fake ads. Security software company Malwarebytes reported in February that scammers placed paid ads on Facebook that appeared to be Microsoft official promotions, directing users to near-perfect copies of Windows 11 download pages, which deployed malware designed to steal cryptocurrencies and account credentials.

This serves as a clear warning for crypto users: before clicking any search result, verify that the ad link points to the correct website—this is the first line of defense against fund loss.