Scammers exploited Google Ads to siphon $1.27 million in crypto, targeting users with cloned DeFi platforms over recent weeks.
Scammers extracted $400,000 through fake Uniswap ads on Google, with two flagged addresses holding 146 ETH worth $306,000 at current prices. The attacks reflect a broader phishing campaign leveraging sponsored search results.
Security Alliance (SEAL) reported a surge in malicious Google Ads impersonating crypto protocols, with over 356 links blocked weekly for over a year. Attackers outbid legitimate exchanges to secure top ad placements, using hidden iframes to bypass detection and redirect victims to cloned apps.
Between March 13 and 30, the campaign stole $1.27 million, with no signs of slowing. Victims unknowingly routed transactions through attacker-controlled servers, enabling fund theft.