Fake Uniswap V4 Airdrop Phishing Network (2026)
Summary
A persistent, multi-vector phishing network impersonating Uniswap across fake airdrops, cloned interfaces, and fraudulent Google Search advertisements has operated across multiple campaigns since at least 2022. The most recent and documented wave, active from late 2025 through May 2026, uses drainer-as-a-service tooling — primarily the AngelFerno kit — to trick victims into signing malicious wallet-approval transactions via Google Ads placed above legitimate Uniswap search results. Verified aggregate losses across the discrete 2025–2026 Google Ads campaign episodes reach approximately $1.63 million; broader industry-wide wallet drainer losses in 2024 reached $494 million across all protocols according to Scam Sniffer, but that figure is not attributable to Uniswap impersonation alone.
Connected Entities
1 entities · 10 linked investigations- + 6 more
Timeline(9 events)
2020-09-01
Uniswap Labs conducts the only legitimate UNI token airdrop. All subsequent airdrop claims using the Uniswap name are fraudulent per official Uniswap support documentation.
Uniswap Labs Official Support2022-07-12
Attackers airdrop a malicious ERC-20 token disguised as a UNI airdrop to approximately 73,399 Uniswap v3 liquidity providers. One victim loses approximately $8 million (7,574 ETH) in WBTC and USDC via a setApprovalForAll exploit on spoofed domain uniswaplp.com. Stolen funds moved through Tornado Cash.
CoinDesk / Bleeping Computer2024-02-16
A fraudster posing as a Uniswap Foundation representative convinces multiple crypto media outlets including DailyCoin and CryptoNews to publish articles about a fabricated $10 million UNI V4 airdrop. CryptoSlate declines after identifying post-publication redirect link manipulation. No confirmed reader financial losses reported.
CryptoSlate2025-01-31
Uniswap v4 officially launches on mainnet across 10 chains, following nine independent audits and a $15.5 million bug bounty program. No protocol vulnerabilities found. Legitimate V4 launch removes the anticipatory lure but scammers continue to use the V4 branding.
Uniswap Blog2025-07-21
A DeFi user loses $1.23 million in Uniswap v3 NFTs after signing a malicious transaction on a phishing site reached via a fake Google Ad. Scam Sniffer reports the incident. AngelFerno drainer implicated in the attack.
crypto.news2025-09-01
Blockaid begins documenting AngelFerno distribution network on X (Twitter), identifying 20 accounts sharing 75 malicious dApps via thousands of automated posts through January 2026.
Blockaid2026-02-17
A DeFi trader known on X as 'Ika' publicly reports losing their entire net worth (reported as mid-six-figures) after clicking a fake sponsored Uniswap link at the top of a Google search. Uniswap founder Hayden Adams issues public warning about fake search ads.
Protos / Cryptonomist2026-03-13
Security Alliance (SEAL) documents the start of a significant escalation in Google Search phishing campaigns targeting multiple DeFi protocols including Uniswap. Over March 13–30, 2026, SEAL attributes $1.27 million in losses across this campaign cluster.
crypto.news / Crypto Briefing2026-05-25
On-chain analyst b-block posts a public warning identifying two attacker wallets holding 146 ETH (~$306,000) linked to the ongoing fake Uniswap Google Ads campaign. Multiple outlets report cumulative losses of at least $400,000 from this campaign wave. SEAL confirms Uniswap accounts for 41% of all detected malicious DeFi phishing sites.
crypto.news / Crypto BriefingDecision Log
- hash: 93dH37kzuFkSnQhEFbyeLFRgxMtZRAbh1vKnKLYxguZR
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 6/7/2026, 11:29:38 PM
last updated: 6/8/2026, 1:35:04 AM
avoid.net — verified advice for a post-truth world