Scammers have been using Google to deploy malicious phishing advertisements impersonating the crypto protocol Uniswap, which has reportedly netted the attackers at least $400,000. 

The on-chain analyst “b-block” posted to X on Monday that a website impersonating decentralized finance exchange Uniswap was draining funds from multiple wallets and the scammers were holding at least $400,000.

Stacy Muur, founder of Web3 marketing agency Green Dots, said that the scammers had stolen the funds from users through a phishing ad on Google that impersonated Uniswap, and shared a screenshot of a sponsored result from the search engine.

“It’s insane that Google has ignored this issue for years while fake links keep getting pushed above real ones and users keep getting drained,” she said.

Source: Stacy Muur

The two flagged addresses held a combined 146 ETH worth around $306,000, at the time of writing, according to Etherscan.

DeFiLlama said that “fake ads on Google are a common source of phishing attacks.” The crypto non-profit group Security Alliance (SEAL) reported in April that there was a “significant uptick” in phishing activity on Google search in March.

SEAL said that attackers pay Google or hack legitimate advertiser accounts to run convincing fake ads impersonating popular crypto protocols to lure users. Threat actors outbid legitimate crypto exchanges and protocols to achieve a superior position within the “Sponsored results” section on Google Search.

SEAL blocked over 356 malicious advertisement links, a number which is “representative of a steady volume of attacker-deployed Google Ads each week for more than a year,” it added. “The campaign is not slowing down, and we are receiving more reports from affected users.”

Related: ‘TrapDoor’ malware targets crypto dev tools in supply chain attack

The phishing ads used legitimate-looking URLs to bypass Google’s automated checks, while a hidden secondary iframe loads the malicious payload, also invisible to Google’s detection.

Victims land on convincing clones of real crypto apps, with all network traffic secretly routed through attacker-controlled servers, explained SEAL, reporting that $1.27 million in total funds were stolen between March 13 and 30.

In early May, it was reported that attackers were abusing Google Ads and legitimate shared chats from AI chatbot Claude in an active “malvertising” campaign targeting Mac users.

Facebook is also a hotbed of fake ads and scams, according to Malwarebytes, which reported in February that scammers were running paid ads that looked like official Microsoft promotions. 

Victims were directed to near-perfect clones of the Windows 11 download page, where malware designed to steal crypto and credentials was deployed. 

Magazine: Polymarket seeks Japan entry, Harvard dumps entire ETH position: Hodler’s Digest

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.