Uniswap accounted for 41% of tracked malicious websites associated with cryptocurrency phishing campaigns discovered by SEAL researchers in March.
A fake website impersonating Uniswap is draining funds from multiple cryptocurrency wallets. A prominent on-chain analyst known by the pseudonym “b Block” warned that fraudsters currently control at least $400,000 in stolen assets.
Users were asked to rely only on official links and verify the protocol through DefiLlama.
Uniswap tops list of most targeted platforms
The latest update comes a month after security organization SEAL reported a significant increase in malicious Google ads targeting crypto users. It turns out that the attackers were impersonating popular DeFi platforms, wallets, and trading applications to steal funds.
SEAL recently announced that it has blocked over 356 malicious Google ad URLs associated with cryptocurrency scams targeting users of platforms such as Uniswap, Morpho Finance, PancakeSwap, Hyperliquid, CoW Swap, and 1inch.
The report said the attackers used hacked or fraudulently obtained Google Advertiser accounts, along with cloaking, fingerprinting, and a nested iframe delivery system, to evade Google’s automated review checks. Many of the fake ads used trusted Google services like sites.google.com and docs.google.com to appear legitimate in search results.
SEAL identified cryptocurrency drainer families, including Inferno Drainer and Vanilla Drainer, as the most commonly used malware in the campaign. According to the report, these tools allow attackers to take control of wallet assets by tricking users into signing malicious wallet transactions or entering a recovery seed phrase on a cloned website.
SEAL also added that the advanced infrastructure used in the attack, including Cloudflare Workers, Arweave-hosted payloads, traffic redirection systems, and proxy layers, was able to intercept Ethereum RPC requests and monitor user activity in real time.
Uniswap was the most spoofed platform, accounting for 41% of tracked malicious sites. Between March 13 and March 30, confirmed or unattributed losses related to this campaign totaled more than $1.27 million, but the security group said the actual number is likely significantly higher.
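The advice to rely only on official links, and the report's point that fake ads were hosted on sites.google.com and docs.google.com, both come down to checking the exact hostname a link resolves to. The following Python is an added example, not code from SEAL or Uniswap; the allowlist entries, verdict names and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a defender-maintained allowlist of exact hostnames for the brand.
OFFICIAL_HOSTS = {"uniswap.org", "app.uniswap.org"}
# Shared hosting the report names as abused for fake ad landing pages.
SHARED_HOSTS = {"sites.google.com", "docs.google.com"}
BRAND = "uniswap"


def classify(url: str) -> str:
    """Return 'official', 'shared-hosting', 'lookalike', 'unrelated' or 'unparseable'."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "unparseable"
    # .hostname drops userinfo and port and lowercases the name, so the text
    # before '@' in 'https://app.uniswap.org@login.example/' is ignored.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unparseable"
    if host in OFFICIAL_HOSTS:
        return "official"
    if host in SHARED_HOSTS:
        # Anyone can publish here: a trusted parent domain says nothing
        # about who controls the page.
        return "shared-hosting"
    # Brand name anywhere else (subdomain prefix, path, userinfo) while the
    # real host is not allowlisted is the impersonation pattern.
    if BRAND in url.lower():
        return "lookalike"
    return "unrelated"


# Constructed sample landing URLs (reserved .example names, not real indicators).
SAMPLES = [
    "https://APP.Uniswap.org:443/swap",
    "https://sites.google.com/view/uniswap-app",
    "https://app.uniswap.org@login.example/swap",
    "https://app.uniswap.org.claims.example/",
    "https://news.example/markets",
]


def triage(urls):
    return {u: classify(u) for u in urls}


if __name__ == "__main__":
    for u, verdict in triage(SAMPLES).items():
        print(f"{verdict:15} {u}")
```

The match is on the full hostname rather than a substring, which is why the subdomain-prefix and userinfo samples are not treated as official.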
Rampant phishing campaign
While recent Uniswap-related scams primarily involved fake websites and malicious Google ads, another phishing campaign targeted Ledger users via fraudulent emails earlier this year. The attack followed a data breach at Global-e, Ledger’s third-party e-commerce partner, which exposed customer contact and order information.
The scammers sent emails claiming that Ledger and Trezor had merged and urged users to migrate their wallets via a fake website that requested a 24-word recovery phrase. The phishing page closely copied the company’s official branding and messaging style.
Recently, Ripple’s CTO David Schwartz warned about phishing campaigns that send fake security alerts from Robinhood’s official email system. The email passed the authentication check because the attacker exploited Robinhood’s account creation flow to make the message appear legitimate.
The phishing note claimed a new login from an “iPhone 17 Pro” and prompted users to check for suspicious activity through the “Check Activity Now” button, leading to credential theft. Robinhood later acknowledged the issue, but said its systems were not compromised and funds were not affected.
