Imposter Uniswap Site Pilfers Crypto Wallets as Scammers Acquire $400K

A fraudulent website that mimics Uniswap is siphoning off funds from various crypto wallets, with notable on-chain analyst "b-block" revealing that the scammers now possess at least $400,000 in stolen assets. Users are advised to stick to official links and validate protocols via DefiLlama.

Uniswap is the most frequently targeted platform, with this warning emerging a month after security firm SEAL identified a significant uptick in malicious Google Ads aimed at crypto users. SEAL's findings indicated that fraudsters were impersonating well-known DeFi platforms, wallets, and trading applications. Recently, SEAL blocked over 356 deceptive Google ad URLs linked to crypto scams that targeted platforms like Uniswap, Morpho Finance, PancakeSwap, Hyperliquid, CoW Swap, and 1inch.

Attackers typically utilized hacked or fraudulently acquired Google advertising accounts, employing techniques like cloaking and nested iframe delivery systems to evade Google's automated scrutiny. Many of these misleading ads cleverly used trusted Google domains, like sites.google.com and docs.google.com, to seem credible. SEAL also recognized malware families, including Inferno Drainer and Vanilla Drainer, as prevalent tools in these schemes, which deceive users into approving harmful wallet transactions or entering recovery seed phrases on counterfeit websites.

The report highlighted that the sophisticated infrastructure supporting these attacks, utilizing services like Cloudflare Workers and traffic redirection systems, enables real-time interception of Ethereum RPC requests and user activity monitoring. Uniswap accounted for 41% of all tracked malicious sites, with losses tied to these campaigns surpassing $1.27 million between March 13 and March 30, although the actual damage may be notably higher.
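The drainer kits named above work by getting a victim to sign a token approval that hands their balance to the attacker's contract. As an added example (not code from the article or from SEAL's report), the following pre-signing check of the kind a wallet or browser extension could run on an eth_sendTransaction request decodes ERC-20 approve() and ERC-721/1155 setApprovalForAll() calldata and flags the unlimited or blanket approvals to an unvetted spender; the addresses and the spender allowlist are constructed placeholders.

```python
"""Pre-signing check for drainer-style token approvals (added example, constructed data)."""
from typing import Optional

# First 4 bytes of keccak256(signature), hex without 0x.
APPROVE_SELECTOR = "095ea7b3"               # ERC-20 approve(address,uint256)
SET_APPROVAL_FOR_ALL_SELECTOR = "a22cb465"  # ERC-721/1155 setApprovalForAll(address,bool)
MAX_UINT256 = (1 << 256) - 1
# Constructed allowlist of spenders the wallet owner has vetted (e.g. a known DEX router).
TRUSTED_SPENDERS = {"0x" + "1" * 40}


def _word(data: str, index: int) -> int:
    """Return the index-th 32-byte ABI argument word after the selector as an int."""
    chunk = data[8 + 64 * index:8 + 64 * (index + 1)]
    if len(chunk) != 64:
        raise ValueError("calldata too short for ABI word %d" % index)
    return int(chunk, 16)


def _address(word: int) -> str:
    """Addresses are right-aligned in a 32-byte ABI word; keep the low 160 bits."""
    return "0x%040x" % (word & ((1 << 160) - 1))


def assess_approval(tx: dict) -> Optional[str]:
    """Inspect the `data` of an eth_sendTransaction parameter object; return a warning for an
    unlimited ERC-20 approve() or setApprovalForAll(true) to an untrusted spender, else None."""
    data = tx.get("data", "").lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) < 8:
        return None  # plain value transfer or empty calldata: not an approval
    selector = data[:8]
    if selector == APPROVE_SELECTOR:
        spender, amount = _address(_word(data, 0)), _word(data, 1)
        if amount == MAX_UINT256 and spender not in TRUSTED_SPENDERS:
            return "unlimited ERC-20 approval to untrusted spender " + spender
    elif selector == SET_APPROVAL_FOR_ALL_SELECTOR:
        operator, approved = _address(_word(data, 0)), _word(data, 1)
        if approved == 1 and operator not in TRUSTED_SPENDERS:
            return "setApprovalForAll(true) to untrusted operator " + operator
    return None


# Constructed sample: approve(0x3333..., 2**256 - 1), the pattern drainers coax victims into signing.
DRAINER_LIKE_TX = {
    "data": "0x" + APPROVE_SELECTOR + "0" * 24 + "3" * 40 + "f" * 64,
}
```

A bounded approval to an unknown spender is left alone, since that is what normal DEX use looks like; the unlimited amount combined with an unvetted spender is the drainer signature this check keys on.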
While the recent scams related to Uniswap focused on fraudulent websites and malicious ads, a different phishing campaign earlier this year targeted Ledger users through deceptive emails following a data breach at Ledger's third-party partner, Global-e. The scammers falsely told users that Ledger and Trezor had merged, directing them to fake sites that requested their 24-word recovery phrases and closely mimicked the official branding and messaging.

More recently, Ripple CTO David Schwartz alerted users to a phishing campaign involving fake security notifications that appeared to originate from Robinhood's email system. These emails passed authentication checks because the attackers exploited Robinhood's account creation process to make them seem legitimate. The message claimed suspicious activity from an "iPhone 17 Pro" and urged users to review it via a "Review Activity Now" button, which ultimately led to credential theft. Robinhood later confirmed the incident, asserting that no systems were breached and user funds remained secure.