Uniswap accounted for 41% of tracked malicious websites linked to crypto phishing campaigns uncovered by SEAL researchers in March.
A fake website impersonating Uniswap is draining funds from multiple crypto wallets. The prominent on-chain analyst, pseudonymously known as “b-block,” warned that the scammers currently control at least $400,000 in stolen assets.
Users were urged to rely only on official links and verify protocols through DefiLlama.
Uniswap Tops List of Most-Targeted Platforms
The latest update comes a month after security group SEAL reported a major rise in malicious Google Ads targeting crypto users. It found that attackers were impersonating popular DeFi platforms, wallets, and trading applications to steal funds.
SEAL said it recently blocked over 356 malicious Google ad URLs tied to crypto scams, which targeted platforms such as Uniswap, Morpho Finance, PancakeSwap, Hyperliquid, CoW Swap, and 1inch users
According to the report, attackers used hacked or fraudulently obtained Google advertiser accounts and relied on cloaking, fingerprinting, and nested iframe delivery systems to bypass Google’s automated review checks. Many of the fake ads used trusted Google services such as sites.google.com and docs.google.com to appear legitimate in search results.
SEAL identified crypto drainer families, including Inferno Drainer and Vanilla Drainer, as the most commonly used malware in the campaigns. The report said these tools trick users into signing malicious wallet transactions or entering recovery seed phrases on cloned websites, allowing attackers to take control of wallet assets.
SEAL also added that the advanced infrastructure used in the attacks, including Cloudflare Workers, Arweave-hosted payloads, traffic redirection systems, and proxy layers, can intercept Ethereum RPC requests and monitor user activity in real time.
You may also like:
Uniswap was the most impersonated platform, accounting for 41% of tracked malicious sites. Between March 13 and March 30, confirmed and unattributed losses linked to the campaigns exceeded $1.27 million, although the security group said the actual figure was likely significantly higher.
Rampant Phishing Campaigns
While the recent Uniswap-related scams mainly involved fake websites and malicious Google Ads, a separate phishing campaign earlier this year targeted Ledger users through fraudulent emails. The attack followed a data breach at Ledger’s third-party e-commerce partner, Global-e, which exposed customer contact and order information.
The scammers claimed in emails that Ledger and Trezor had merged and urged users to migrate their wallets via fake websites that requested 24-word recovery phrases. The phishing pages closely copied the companies’ official branding and messaging styles.
More recently, Ripple CTO David Schwartz warned of a phishing campaign that sent fake security alerts that appeared to come from Robinhood’s official email system. The emails passed authentication checks because attackers exploited Robinhood’s account creation flow, which made the messages appear legitimate.
The phishing note claimed a new login from an “iPhone 17 Pro” and prompted users to review suspicious activity through a “Review Activity Now” button, which then directed them toward credential theft. Robinhood later confirmed the issue, but stated that no systems were breached and no funds were affected.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!
