Back to the list

Google Advertises Uniswap Phishing Scams


beincrypto.com 07 August 2020 04:30, UTC
Reading time: ~3 m

Google searches recently displayed results and ads for at least three phishing schemes masquerading as the Uniswap decentralized exchange.

BeinCrypto Russia discovered that the world’s most popular search engine was showing results for (and even advertising) scams pretending to be the Uniswap platform.

Earlier today, searching for ‘Uniswap’ in Google resulted in ads for fake sites with the following domains: uniswap.com, uniswapdex.org, and unsiwap.site.

Screenshot of Google results including three paid ads for Uniswap phishing scams – Google

At the time of press, uniswap.com appears in the paid advertisement results, but the site itself was offline.

Uniswap.site changed into a Ukrainian site advertising a payment card called the ‘Kyiv Card.’

Meanwhile, uniswapdex.org auto-forwards to the phishing site appuniswap.live. However, all three sites have been flagged and blocked for users of the Metamask wallet.

Another site, uniswapdex.com (as opposed to .org) seems to be a different interface of the original uniswap.org. This has not been confirmed, but it was not listed on the crypto scam database.

These phishing sites imitated the original, valid site (https://uniswap.org) tricking users into giving away seed phrases and private keys. Initial reports suggest that the perpetrators were able to steal at least 1.5 ETH.

The genuine site has links to the app where users can trade cryptocurrencies and tokens. There is also information and documentation about the Uniswap project. Other interfaces may look very similar but are not genuine.

The perpetrators of these fake sites may morph the interfaces of their landing pages in the future. Therefore, as the real platform progresses, so too can the phishing sites.

The main way to differentiate the true Uniswap from the frauds is how the crypto wallets are connected. In the original Uniswap, connecting the wallet might forward the user to the wallet’s site or present a QR code to confirm ownership. On the fake sites, there is often an error or a request for the private key or mnemonic phrase.

Unfortunately, once the criminals have the private key or seed phrase, they can easily take all the contents of any victim’s wallet. Users should be vigilant about making sure they are on the correct site as well as the risks posed by poor wallet management.

Fake Uniswap interface asks for private keys and mnemonic phrases

Similar searches for Uniswap on the Russian search engine Yandex, Microsoft’s Bing, and privacy-centric DuckDuckGo did not turn up any bogus results.

At this time, Google Ads has made no comment regarding these fake services.

This is not the first time that criminals have taken advantage of the popular blockchain service. In July, BeInCrypto reported that because of Uniswap’s unmoderated DeFi architecture, dozens of tokens created by swindlers arose.

These services appeared to be legitimate versions of projects such as 1inch.exchange, dYdX, bZx, and Tornado.cash.

Back to the list