- A dealer misplaced a six-figure portfolio to Uniswap’s faux Google adverts.
- Attackers use Punycode URLs and faux websites to idiot even skilled {hardware} pockets customers.
- Hayden Adams stated Uniswap has been preventing counterfeit apps and fraudulent promoting for years.
Hayden Adams, founding father of Uniswap, warned that cryptocurrency phishing scams associated to internet marketing stay a critical menace. This occurred after a dealer misplaced a mid-six-figure portfolio in a single commerce as a result of a faux Google advert disguised as a protocol.
Adams stated in a put up on He revealed that whereas ready for official App Retailer approval for a number of months, faux Uniswap purposes appeared and that regardless of repeated experiences, fraudulent adverts continued to reoccur.
Adams added that “the federal government has banned third-party instruments like uBlock that deal with this situation,” and argued that the digital promoting mannequin “must be abolished.”
Whole portfolio disappears in a single click on
The most recent sufferer is a DeFi dealer referred to as @ika_xbt who stated he misplaced his total mid-six-figure web price after clicking on a sponsored Google search end result that mimicked Uniswap’s interface. The faux web site prompts him to connect with his pockets and signal a malicious transaction, giving the attacker entry to empty funds inside seconds.
The stolen property reportedly included holdings saved in two {hardware} wallets, representing years of buying and selling throughout unstable market cycles. After the incident turned public, pals and colleagues flooded the feedback part with messages of help.
The assault was decided to be the results of a pockets exfiltration software referred to as AngelFerno, and is described as a “fraud as a service” operation focusing on DeFi customers. Comparable front-end phishing assaults have beforehand impersonated different crypto platforms utilizing practically equivalent web site designs and misleading domains.
Associated: Hundreds of thousands of {dollars} in cryptocurrency leaked as a result of pockets poisoning and phishing scams
Google Adverts are on hearth
On-chain researcher ZachXBT claimed that the full losses related to Google-hosted phishing adverts have been within the 9 figures and known as for accountability. He argued that executives ought to face the implications of failing to curb the unfold of malicious sponsored hyperlinks.
Safety corporations reminiscent of Chainaracy have beforehand warned that Google search adverts are a significant assault vector. In July 2025, a DeFi consumer reportedly misplaced $1.2 million in a virtually related rip-off utilizing fraudulent adverts on Uniswap.
The mechanism is straightforward however devastating. Scammers purchase Google stock based mostly on search phrases like “Uniswap” or “DeFi swap.” Their malicious websites will probably be displayed above the official outcomes. When a consumer connects to their pockets and indicators a transaction, the drain script empties their account.
DeFiLlama builders have spent years constructing instruments that scale back the chance of phishing. One contributor urged customers to keep away from Google altogether and as a substitute depend on verified DeFi hyperlink directories or bookmarked official URLs.
Evolution of phishing infrastructure
AngelFerno operates throughout a number of domains, a few of that are already on the GitHub phishing blocklist. Attackers are more and more utilizing Punycode URLs that exchange characters with visually related Cyrillic characters. This makes faux domains virtually indistinguishable from official ones at first look.
This case reveals that even skilled merchants utilizing {hardware} wallets can nonetheless change into victims. Victims acknowledged that the losses weren’t simply unhealthy luck, however a results of frequent on-chain exercise that elevated publicity to malicious hyperlinks.
Uniswap stays one of the standard decentralized exchanges, permitting customers to trade tokens with out handing over management to a central platform. Nevertheless, its recognition additionally makes it a typical goal for scammers who create faux copies of the positioning.
Adams warns that crypto customers want to stay vigilant as phishing methods have gotten more and more refined.
Associated: Snail e-mail rip-off focusing on Trezor and Ledger customers
Disclaimer: The knowledge contained on this article is for informational and academic functions solely. This text doesn’t represent monetary recommendation or recommendation of any type. Coin Version will not be chargeable for any losses incurred because of using the content material, merchandise, or providers talked about. We encourage our readers to do their due diligence earlier than taking any motion associated to our firm.