A counterfeit website impersonating Uniswap is siphoning funds from multiple cryptocurrency wallets. A prominent on-chain analyst who posts under the pseudonym “b-block” warned that the scammers currently control at least $400,000 in stolen assets.
Users are urged to rely only on official links and to verify protocols using trusted aggregators such as DefiLlama.
Uniswap Tops List of Most-Targeted Platforms
The latest update comes a month after security group SEAL reported a major uptick in malicious Google Ads aimed at crypto users. SEAL found attackers impersonating popular DeFi platforms, wallets, and trading applications to steal funds.
SEAL said it recently blocked over 356 malicious Google ad URLs tied to crypto scams. These malicious ads targeted users of platforms including Uniswap, Morpho Finance, PancakeSwap, Hyperliquid, CoW Swap, and 1inch.
According to SEAL’s report, attackers used hacked or fraudulently obtained Google advertiser accounts and deployed cloaking, fingerprinting, and nested iframe delivery techniques to bypass Google’s automated review systems. Many fake ads also abused trusted Google services such as sites.google.com and docs.google.com to appear legitimate in search results.
The security group identified families of crypto-draining malware—most notably Inferno Drainer and Vanilla Drainer—as commonly used in these campaigns. These tools trick users into signing malicious wallet transactions or entering recovery seed phrases on cloned websites, enabling attackers to seize wallet assets.
SEAL added that the attacks employed advanced infrastructure, including Cloudflare Workers, Arweave-hosted payloads, traffic redirection systems, and proxy layers. This setup can intercept Ethereum RPC requests and monitor user activity in real time, increasing the effectiveness of the scams.
Uniswap was the most impersonated platform, accounting for 41% of tracked malicious sites. Between March 13 and March 30, confirmed and unattributed losses linked to these campaigns exceeded $1.27 million, though SEAL said the true toll is likely substantially higher.
Rampant Phishing Campaigns
While the recent Uniswap-related scams mainly relied on fake websites and malicious Google Ads, separate phishing campaigns earlier this year targeted other segments of the crypto community. One such campaign targeted Ledger users via fraudulent emails following a data breach at Ledger’s third-party e-commerce partner, Global-e, which exposed customer contact and order information.
In that campaign, scammers sent emails claiming that Ledger and Trezor had merged and urged recipients to migrate their wallets using fraudulent websites that requested 24-word recovery phrases. The phishing pages closely mimicked the companies’ official branding and messaging to deceive users.
More recently, Ripple CTO David Schwartz warned of a phishing campaign that sent fake security alerts appearing to originate from Robinhood’s official email system. Those emails passed authentication checks because attackers exploited aspects of Robinhood’s account creation flow, making the messages appear legitimate.
One phishing email claimed a new login from an “iPhone 17 Pro” and prompted users to review suspicious activity by clicking a “Review Activity Now” button, which then directed victims to credential-theft pages. Robinhood later acknowledged the issue, clarifying that no systems were breached and no funds were affected.
These incidents highlight the evolving tactics employed by attackers: abusing legitimate advertising channels, hijacking trusted services to host malicious content, and creating convincing replicas of popular DeFi platforms and wallet providers. To reduce risk, users should verify URLs carefully, enable hardware wallet protections where possible, avoid entering seed phrases into any website, and confirm links directly through official project repositories or trusted aggregators like DefiLlama.