Uniswap accounted for 41% of malicious websites connected to crypto phishing campaigns uncovered by SEAL researchers in March.
A fraudulent website posing as Uniswap is stealing funds from several crypto wallets. Prominent on chain analyst known as “b block” warned that the scammers currently hold at least $400,000 in stolen assets.
Users have been advised to use only official links and verify protocols through DefiLlama.
Uniswap Becomes the Most Targeted Platform
The latest development comes a month after security group SEAL revealed a sharp increase in malicious Google Ads aimed at crypto users. The group discovered that attackers were impersonating leading DeFi platforms, wallets, and trading apps to steal digital assets.
SEAL disclosed that it blocked more than 356 malicious Google ad URLs linked to crypto scams targeting users of platforms such as Uniswap, Morpho Finance, PancakeSwap, Hyperliquid, CoW Swap, and 1inch.
According to the report, attackers relied on hacked or fraudulently acquired Google advertiser accounts while using cloaking, fingerprinting, and nested frame delivery systems to evade Google’s automated review process. Many fake ads also exploited trusted Google services such as sites.google.com and docs.google.com to appear credible in search results.
SEAL identified crypto drainer families including Inferno Drainer and Vanilla Drainer as the malware most frequently used in these campaigns. These tools trick users into signing malicious wallet transactions or submitting recovery seed phrases on cloned websites, giving attackers complete access to wallet assets.
The security group further explained that the sophisticated infrastructure behind the attacks used Cloudflare Workers, Arweave hosted payloads, traffic redirection systems, and proxy layers capable of intercepting Ethereum RPC requests and monitoring user activity in real time.
Uniswap emerged as the most impersonated platform and represented 41% of all tracked malicious websites.
Between March 13 and March 30, confirmed and unattributed losses connected to these campaigns exceeded $1.27 million, although SEAL believes the true figure is much higher.
Phishing Campaigns Continue to Spread
While the recent Uniswap related scams centered on fake websites and malicious Google Ads, another phishing campaign earlier this year targeted users of Ledger through fraudulent emails.
The attack followed a data breach involving Ledger’s third party e commerce partner, Global-e, which exposed customer contact details and order information.
Scammers falsely claimed in emails that Ledger and Trezor had merged and instructed users to migrate their wallets through fake websites requesting 24 word recovery phrases. The phishing pages closely imitated the official branding and communication style of both companies.
More recently, David Schwartz warned about another phishing campaign involving fake security alerts disguised as emails from Robinhood. The emails passed authentication checks because attackers exploited Robinhood’s account creation process, making the messages appear authentic.
The phishing email claimed there was a new login from a “Phone 17 Pro” and urged users to review suspicious activity through a “Review Activity Now” button. Victims who clicked the button were redirected to credential theft pages.
Robinhood later acknowledged the issue but confirmed that no systems were breached and no user funds were compromised.#crypto#cryptonewshttps://coinsignals.net https://t.me/coinsignalpublic
