Uniswap phishing scam drains $400K as fake sites target wallets

A fake Uniswap phishing website is draining crypto wallets. On-chain analyst “b-block” says scammers currently control at least $400,000 in stolen assets. Users are advised to use only official Uniswap links and verify protocols via DefiLlama, as the cloned interface can trick victims into approving malicious transactions.

The incident follows a wider campaign reported by security group SEAL. SEAL found that Uniswap was the most impersonated protocol, representing 41% of tracked malicious websites tied to crypto phishing campaigns during March. From March 13–30, confirmed and unattributed losses linked to these campaigns exceeded $1.27 million, with the true figure likely higher.

SEAL also reported it blocked 356+ malicious Google Ads URLs. Attackers allegedly used hacked or fraudulently obtained Google advertiser accounts, plus cloaking, fingerprinting, and nested iframes to bypass Google checks. Many ads relied on trusted Google services (e.g., sites.google.com and docs.google.com) to look legitimate in search results. Malware families such as Inferno Drainer and Vanilla Drainer were used to coerce users into signing malicious wallet transactions or entering 24-word recovery seed phrases on cloned sites. SEAL said the infrastructure (Cloudflare Workers, Arweave-hosted payloads, traffic redirection, proxy layers) can intercept Ethereum RPC requests and monitor user activity in real time.

The report also highlights other phishing vectors, including Ledger-related fake emails after a breach at Global-e, and a Robinhood-themed credential theft email campaign confirmed by Ripple CTO David Schwartz.
Neutral
This is a high-impact security story for users, but it is not a protocol-level change for Uniswap or Ethereum, so broad market fundamentals are unlikely to shift. Historically, major “Uniswap phishing / wallet-drainer” waves tend to trigger short-term volatility in the most-targeted tokens (often briefly hurting sentiment), while the wider market usually absorbs the news once scam takedowns and warnings spread. In the short term, traders may see localized fear/attention around UNI and Ethereum-based DeFi activity, potentially increasing on-chain risk controls and reducing interaction with unknown front-ends. In the long term, repeated campaigns can sustain caution and reinforce the need for better wallet hygiene, but they typically don’t change demand drivers like liquidity, TVL growth, or macro rates. Because the article emphasizes confirmed losses ($1.27M range) and a large phishing infrastructure, the immediate relevance is mainly to execution and risk management (avoid spoofed sites, verify via DefiLlama, revoke approvals). Market stability should remain largely intact, hence a neutral view.