Fake Google Ads redirecting crypto users to phishing sites that steal wallet funds and recovery phrases

Cybercriminals are abusing Google Ads to target cryptocurrency users with fake ads that mimic popular platforms, leading to wallet drainers and seed phrase theft. Victims clicking these ads are redirected to cloned websites designed to steal funds or capture sensitive recovery phrases, resulting in major financial losses.

Fake Google Ads redirecting crypto users to phishing sites that steal wallet funds and recovery phrasesFake Google Ads redirecting crypto users to phishing sites that steal wallet funds and recovery phrases

Researchers report a surge in these campaigns throughout 2026, targeting platforms like Uniswap, PancakeSwap, and Ledger. Attackers use advanced techniques such as cloaking, fake Google-hosted pages, and man-in-the-middle proxies to bypass detection and monitor user activity in real time.

This large-scale operation has already caused over $1.2 million in losses, with the real impact likely higher. Users are advised to avoid clicking sponsored links, use bookmarked URLs, and verify crypto platforms before connecting wallets to stay protected.


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Total Security Multi Device