Phishing scammers have stolen more than $400,000 by placing fake sponsored ads on Google that look like the real Uniswap website. These ads appeared at the top of search results and sent users to phishing sites that emptied their Web3 wallets.
Phishing scams exploit search engines
On-chain analyst b-block was the first to spot the scam and track where the stolen funds went. The analyst found two main attacker addresses holding about 146 ETH, worth $306,000, along with other ERC-20 tokens taken in the attack.
Web3 marketer Stacy Muur helped spread the word by posting screenshots of the fake ad. The ad came from a misleading Google Business profile called “business.google.com-uniswap,” which shows there are still gaps in how Google checks ads for financial and crypto services.
Two scammers have already stolen ~$400,000 from users through a phishing @Uniswap ad on Google.
It’s insane that Google has ignored this issue for years while fake links keep getting pushed above real ones and users keep getting drained.
This is the first result that popped out… https://t.co/Ov488s9DIl pic.twitter.com/qStRGq8qTE
— Stacy Muur (@stacy_muur) May 25, 2026
Uniswap founder Hayden Adams previously warned that scammers are buying top search terms to trick users. Security Alliance, a security group, said these large-scale phishing scams are on the rise. They recently blocked 356 bad links connected to similar fake ads.
Web3 security remains an institutional challenge
According to reports, digital asset users lost $1.27 million to similar scams in March alone. Scammers take advantage of the fact that people often click on paid ads at the top of search results.
When someone uses the fake site, it asks for a signature that looks like a normal connection request. If the user signs in, the scammer gets access to their tokens and can withdraw them right away, and these search-engine scams keep happening.
Recently, a wallet known as “Bridged DOT Exploiter” created 1 billion fake Polkadot (DOT) tokens via Uniswap v4 on Ethereum and quickly exchanged them for about 108 ETH, worth around $238,000. The entire transaction cost only $0.75 in gas fees.
According to Polkadot, the exploit only affected DOT tokens bridged through Hyperbridge. As a result, the team paused the Hyperbridge service. Other DOT tokens and bridging channels were not impacted.
Enjoyed this? Bookmark DeFi Planet, explore related topics, and follow us on Twitter, LinkedIn, Facebook, Instagram, Threads and CoinMarketCap Community for seamless access to high-quality industry insights.
Take control of your crypto portfolio with DEFI PLANET PRO, DeFi Planet’s suite of analytics tools.
