Scammers stole over $400,000 [2] from cryptocurrency users this month by placing malicious sponsored ads on Google Search.
The incident highlights a critical vulnerability in how users access decentralized finance platforms, as trust in search engine rankings can lead victims directly to sophisticated phishing sites.
According to reports, the attackers created sponsored advertisements that impersonated the decentralized exchange Uniswap [1]. These ads appeared at the top of Google Search results for users searching for the platform [4]. Once users clicked the links, they were directed to a counterfeit website designed to mimic the legitimate Uniswap interface [1].
The phishing site tricked users into approving transactions or providing private keys, which allowed the scammers to drain their crypto wallets [1]. Blockchain analyst b-block said the activity involved two attacker addresses [5].
Security efforts to mitigate the campaign have been extensive. The SEAL system reportedly blocked 356 malicious URLs associated with the attack [3]. The total amount stolen is estimated at over $400,000 [2], though some reports list the figure as at least $400,000 [1].
This campaign took place in May 2026 [3]. The attackers exploited the trust users place in paid search placements to bypass traditional security warnings. By the time the fraudulent ads were identified and removed, the scammers had already siphoned funds from multiple victims [1].
“Scammers stole over $400,000 from cryptocurrency users this month”
This attack demonstrates the persistence of 'search engine phishing,' where attackers pay for visibility to override organic search results. Because decentralized exchanges rely on user-held private keys, a single interaction with a fake interface can result in the total loss of assets without the possibility of a bank-style reversal.
