Uniswap phishing scam reports have intensified after fraudsters used Google Ads to direct users to fake versions of the decentralized exchange.
The campaign placed sponsored links above the real platform, increasing the risk for users searching for Uniswap. Victims lost funds after connecting wallets and approving malicious transactions.
Scammers Imitate Uniswap Through Sponsored Links
Scammers targeted the keyword “Uniswap” and bought sponsored ad placements that appeared before legitimate search results. The fake pages closely copied the official interface and used deceptive web addresses that looked reliable during quick checks.
Some fake sites appeared on Google-related domains, including sites.google.com subdomains. The attackers reportedly used clean preview links for ad checks, then loaded malicious content through hidden secondary frames.
Once users connected their wallets, the pages pushed transaction approvals that gave drainer contracts access to their assets. After approval, the contracts removed tokens in a single on-chain action.
Hardware wallets did not stop the losses because users still approved the malicious transaction. Blockchain records showed two attacker addresses holding about 146 ETH, valued between $306,000 and more than $400,000 in reported losses.
SEAL Data Shows Wider Google Phishing Activity
Security Alliance data showed a wider rise in Google phishing campaigns between March 13 and March 30, 2026. The group said more than 356 malicious URLs were blocked during that period.
Those attacks caused total losses of about $1.27 million, according to the same security data. The Uniswap-linked phishing campaign has also continued for more than a year, with attackers shifting domains after takedowns.
On-chain analyst b-block issued a community alert on May 25, 2026. The alert identified attacker wallet addresses and warned users to rely only on verified project links.
Stacy Muur, founder of Web3 marketing, also criticized the continued appearance of fake sponsored links. She said search platforms had failed to act fast enough while users continued losing funds.
DeFiLlama responded by promoting LlamaSearch, a crypto-focused search tool with verified project domains. The service is available as a Chrome extension and through its search platform.
Uniswap Governance Vote Moves Forward
The security concerns come as Uniswap’s DAO reviews Proposal 96. The proposal seeks to expand UNIFication protocol fee collection and UNI token burns to BNB Chain, Polygon, and Celo.
The system already operates on the Ethereum mainnet after its December 2025 rollout. If approved, TokenJar contracts will collect fees from the added chains, while Firepit contracts will burn UNI.
The expansion would increase supported fee chains to 11 beyond Ethereum. Previous deployments covered Arbitrum, Base, OP Mainnet, Soneium, X Layer, Worldchain, Zora, and Celo.
