Quick Take
A sponsored Google Ads link impersonating Uniswap drained roughly $400,000 from a single trader in late May 2026. The fake URL used a Cyrillic lookalike of uniswap.org and the connected wallet was emptied seconds after signing a Permit2 token approval. The drainer kit is called AngelFerno, sold as a service to affiliates, and it now sits inside a wider 2026 surge in signature phishing that Scam Sniffer tracked at $6.27 million stolen in Q1 alone, up 207 percent quarter on quarter. Bookmark uniswap.org. Never reach DEXes from search ads.
What happened to the $400K trader
The victim, by their own retelling on X, did what they had done dozens of times before. They typed "uniswap" into Google. They clicked the top result. It was labeled Sponsored and sat above the organic uniswap.org link, the way ads always do now. The destination looked like the Uniswap interface. They connected their wallet, started what they thought was a routine swap, and signed the popup that came up.
Within seconds, every tradable token across their connected addresses moved out. The on-chain total reported across the protos.com and cryptotimes.io writeups landed near $400,000, described by the victim as their life savings. The attacker used a malicious token approval to authorize itself to spend the wallet's balances, then executed a batched transfer that swept everything in a single flow.
Uniswap founder Hayden Adams picked it up publicly, calling on Google to do more about sponsored phishing ads that impersonate the protocol. His call mirrors a complaint Coinbase, Trezor, Ledger, and MetaMask have made for years: search-ad infrastructure keeps approving lookalike domains that real teams cannot get taken down fast enough.
This is not an isolated event. Scam Sniffer's Q1 2026 report logged $6.27 million stolen through signature-phishing alone in the first three months of the year, a 207 percent jump quarter over quarter. Google Ads is one of the highest-converting delivery channels in that wave.
How the fake ad outranked the real Uniswap site
Sponsored placements live above the organic results. They are bought, not earned. A scammer running a clean-looking Google Ads account can outbid Uniswap's own ad spend (or simply target a window when Uniswap is not bidding) and sit at position zero on the search results page for hours or days before takedown.
What makes the trick work is that Google now shows the display URL the advertiser chose, which can look like uniswap.org even when the click destination is a different domain. The user's eye reads "uniswap.org" and clicks. The actual landing page is the punycode clone described below.
We covered the broader version of this attack in our search engine phishing writeup. Coinbase, MetaMask, Trezor, and every major bank have been impersonated through Google Ads in the past 18 months. Pattern stays the same; only the logo changes.
Why Google's brand-impersonation filter keeps failing
Google publishes a Safety Report claiming billions of bad ads removed per year. The number is real. The problem is throughput: scammers rotate landing pages in minutes, swap LLC names every few days, and run ads in geographic windows where Google's review is slowest. By the time the ad is gone, the wallet is empty. There is no Google-level appeal that brings funds back.
The Punycode clone: looks like uniswap.org, isn't
The landing page lived on a Punycode domain. Punycode is the encoding that lets non-ASCII characters appear in URLs. International domains use it legitimately, but attackers abuse it to substitute lookalike characters from Cyrillic, Greek, or Armenian alphabets.
In this campaign the fake URL used a Cyrillic а (U+0430) in place of the Latin a in "uniswap." The two characters render identically in most fonts. In the address bar, the URL reads as uniswap.org. Behind the scenes it resolves to xn--uniswp-pyc.org or a similar punycode-encoded host. Modern browsers display a punycode warning only when the script mix is suspicious, and many homograph attacks slip past that heuristic.
This is the same playbook we documented in the stable.xyz lookalike drainer, the free-hosting Vercel drainer pages, and the Hyperliquid airdrop checker scam. The brand changes, the homograph mechanic does not.
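The homograph check described above, written out as an added example (not code from the campaign or from any vendor): it decodes `xn--` labels, folds lookalike letters to Latin, and flags any host that spells the brand without sitting on the real registrable domain. The confusables map, the naive last-two-labels rule and the sample host are assumptions constructed for illustration.

```python
import unicodedata

BRAND = "uniswap"
OFFICIAL_DOMAIN = "uniswap.org"  # the real registrable domain named in the article

# Constructed subset of lookalike letters; a production detector would load the
# full Unicode confusables data instead of this short map.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0455": "s", "\u0456": "i", "\u03bf": "o"}

def to_ascii(host):
    """Convert each non-ASCII label to its xn-- (Punycode) form."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(l if l.isascii() else "xn--" + l.encode("punycode").decode("ascii")
                    for l in labels)

def to_unicode(host):
    """Decode xn-- labels back to the characters the address bar may render."""
    out = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw xn-- text
        out.append(label)
    return ".".join(out)

def scripts(label):
    """Script names (LATIN, CYRILLIC, ...) of the letters in one label."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in label if ch.isalpha()}

def classify(host):
    ascii_host = to_ascii(host)
    shown = to_unicode(ascii_host)
    # Assumption: naive "last two labels" rule; real code needs the Public Suffix List.
    registrable = ".".join(ascii_host.split(".")[-2:])
    if registrable == OFFICIAL_DOMAIN:
        return "official"
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in shown)
    if BRAND in folded:
        mixed = any(len(scripts(l)) > 1 for l in shown.split("."))
        return "lookalike-mixed-script" if mixed else "lookalike"
    return "unrelated"

# Constructed sample: Latin "a" swapped for Cyrillic U+0430, as the article describes.
FAKE = "unisw\u0430p.org"
```

`classify(FAKE)` and `classify(to_ascii(FAKE))` give the same verdict, so the check works whether the input is the rendered form or the encoded one.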
How AngelFerno actually empties the wallet
AngelFerno is what the underground market calls a drainer-as-a-service kit (DaaS). The operators of AngelFerno run the smart contract and the back-end. Affiliates run the front-end (the phishing site) and split a cut, usually 20 to 30 percent, with the kit operators. This is the same business model that Pink Drainer ran before its end-May shutdown, and the same model Inferno Drainer, MS Drainer, and Angel Drainer operate today.
The technical flow on a Uniswap-style clone goes like this. The fake site loads what looks like the Uniswap swap UI. You click "Connect Wallet." MetaMask, Rabby, or Coinbase Wallet pops up and asks for connection. Connection alone does not move funds.
Next, you click "Swap." Instead of building a real Uniswap transaction, the site asks your wallet to sign a Permit2 signature. Permit2 is a real Uniswap contract that lets a user grant token-spending allowance to a third party without sending a transaction. It is meant for legitimate UX (gas-free approvals). Drainers weaponize it because a signature feels safer than a transaction; users get trained to click through signature popups and most wallet UIs do not surface the spender address and amount clearly.
The malicious Permit2 payload requests unlimited spending allowance on every valuable token in your wallet, granted to an attacker-controlled router contract, with a far-future deadline. You sign. No transaction is broadcast at that moment. No gas leaves your wallet. The site shows a generic "swap failed, please retry" error and the page closes.
Minutes or hours later, the attacker submits a single execute transaction calling the Permit2 router with your signed approval. It transfers everything in one batched call. By the time you see the on-chain notification, the funds are bridged out. We have a deeper breakdown of the contract mechanics in our Permit2 signature attack explainer.
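A pre-sign check for the payload shape described above, as an added example rather than any wallet's actual code: it reads the EIP-712 typed data a site asks the wallet to sign and reports the traits the article lists (unknown spender, multiple tokens, unlimited amount, far-future deadline). Field names follow Permit2's PermitSingle/PermitBatch typed-data layout; the 30-day threshold, the trusted-spender list, the finding labels and every address in the sample are assumptions.

```python
MAX_UINT160 = 2**160 - 1      # largest amount a Permit2 allowance can hold
MAX_HORIZON = 30 * 24 * 3600  # assumption: validity beyond 30 days counts as far future

def _num(value):
    """Typed-data integers arrive as ints, decimal strings or 0x-hex strings."""
    return value if isinstance(value, int) else int(str(value), 0)

def review_permit2(typed_data, now, trusted_spenders=frozenset()):
    """Return finding labels for a Permit2 allowance request; [] means nothing flagged."""
    if typed_data.get("domain", {}).get("name") != "Permit2":
        return []
    if typed_data.get("primaryType") not in ("PermitSingle", "PermitBatch"):
        return []
    msg = typed_data["message"]
    details = msg["details"]
    if isinstance(details, dict):  # PermitSingle carries one entry, PermitBatch a list
        details = [details]
    findings = []
    if msg["spender"].lower() not in trusted_spenders:
        findings.append("unknown-spender")
    if len(details) > 1:
        findings.append("multi-token-batch")
    for d in details:
        if _num(d["amount"]) >= MAX_UINT160:
            findings.append("unlimited-allowance:" + d["token"])
        if _num(d["expiration"]) - now > MAX_HORIZON:
            findings.append("far-future-expiration:" + d["token"])
    if _num(msg["sigDeadline"]) - now > MAX_HORIZON:
        findings.append("far-future-deadline")
    return findings

# Constructed request; every address is a placeholder, not a real contract.
NOW = 1_780_000_000
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
SPENDER = "0x" + "ee" * 20
SAMPLE = {
    "domain": {"name": "Permit2", "chainId": 1, "verifyingContract": "0x" + "22" * 20},
    "primaryType": "PermitBatch",
    "message": {
        "details": [
            {"token": TOKEN_A, "amount": str(MAX_UINT160), "expiration": str(2**48 - 1), "nonce": "0"},
            {"token": TOKEN_B, "amount": hex(MAX_UINT160), "expiration": str(2**48 - 1), "nonce": "0"},
        ],
        "spender": SPENDER,
        "sigDeadline": str(2**256 - 1),
    },
}
```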
Red flags that should have stopped the click
- The result was labeled Sponsored. Real Uniswap rarely buys ads on its own brand name in 2026, and even when it does, the trust assumption "sponsored = legit" is dead.
- The hover URL did not match a known Uniswap host. Real Uniswap lives at app.uniswap.org and uniswap.org. Anything else is suspect.
- The address bar showed the punycode warning (in newer Chrome and Firefox builds). The display flips to xn--... when the script mix is unusual. Users who saw it and ignored it paid for it.
- The wallet popup asked for a Permit2 signature instead of a transaction. On a real swap, you sign a transaction and pay gas. A signature with no gas estimate that requests unlimited allowance on multiple tokens is a drainer pattern.
- The "swap failed" error was instant, with no on-chain hash. Real DEX failures return a revert reason and a transaction hash you can paste into the explorer.
- The page domain did not match the wallet popup origin string. Wallets show the requesting origin in fine print. Many users do not read it. AngelFerno hosts work because of that gap.
What to do if you already signed
Move now. Every minute is a minute the attacker has to broadcast the execute call. The order of operations matters.
Open revoke.cash on a clean tab. Connect the same wallet. Look at the Permissions tab. Sort by date. Anything signed in the last hour that is not a known protocol is hostile. Revoke it. Each revocation is its own transaction, so you need a small amount of ETH or the chain's native gas token in the wallet to clear them.
If the wallet is on multiple chains, revoke on each. Drainer kits often spray approvals across Ethereum, Base, Arbitrum, Optimism, and Polygon in one signature batch using Permit2's cross-chain capable flow. Check each network on revoke.cash separately.
Move everything left to a fresh wallet. Generate a new seed phrase in a clean app on a different device if possible. Transfer remaining tokens to that new wallet. Do not reuse the old one even after revoking, because more approvals may exist than you can see (some drainer payloads hide spender addresses behind proxy contracts).
If the wallet was a hot wallet on a phone or browser with no hardware key, treat the seed as compromised. The attacker did not need it for this attack, but if any browser extension or any visited site logged or sniffed it, future drains are possible. Retire it.
Report to Chainabuse, the relevant chain's analytics (Etherscan tip line, Blockscout abuse), and file with FBI IC3 if you are in the US. The funds are almost never recovered, but reporting feeds the takedown pipeline that gets the affiliate domains pulled faster. See our wallet-drained recovery guide for the longer 24-hour and 7-day checklist.
How SafeBrowz blocks this threat
SafeBrowz runs a 3-layer detection architecture: Local + APIs + AI.
- Layer 1 - Local detection: 60+ URL patterns + 550+ brand-specific signatures run directly in the browser before the page renders. Punycode and Cyrillic homograph detection is baked in. Any host whose unicode-decoded form matches "uniswap" but whose registrable domain is not uniswap.org gets flagged red. The same logic catches lookalikes for Coinbase, MetaMask, PancakeSwap, Curve, Aave, and every other DEX in the brand database.
- Layer 2 - API checks: aggregates Google Safe Browsing, PhishTank, URLhaus, ScamAdviser, and 30+ scam TLDs server-side. AngelFerno affiliate domains tend to surface on PhishTank within a few hours of going live. The API tier picks them up automatically.
- Layer 3 - AI deep scan (Premium): 100+ language content analysis catches novel variants that have no entry in any blocklist yet. When a fresh AngelFerno landing page loads, the AI scan compares structure (Uniswap-style UI, wallet connect button, swap form) against the real brand and against the visited domain. A mismatch returns a danger verdict in seconds. Premium also adds wallet-drainer script signature matching for the Inferno, Angel, Pink, MS, and AngelFerno families directly.
Detection signatures are derived from threat-intelligence research and our internal brand database, not from user browsing data. SafeBrowz does not store per-user browsing history.
Block fake Uniswap and DEX phishing before the signature popup
SafeBrowz is a free browser extension for Chrome, Firefox, and Edge. It blocks fake DEX clones, wallet drainers, and Permit2 signature traps before the page renders. The local layer catches 550+ brands including Uniswap, MetaMask, Coinbase, Phantom, Rabby, and Ledger. AI deep scan (Premium) catches new affiliate domains the same day they appear, even when no blocklist has them yet.
Frequently asked questions
What is AngelFerno and is it new?
AngelFerno is a drainer-as-a-service kit, meaning a packaged smart contract plus drainer back-end that affiliates rent to run their own phishing sites. It is not new in concept (Inferno Drainer, Angel Drainer, MS Drainer, and Pink Drainer used the same model) but it became one of the more active kits in spring 2026 after Pink Drainer announced its shutdown at the end of May. Affiliates of older kits migrate to whichever operator still pays out and still rotates infrastructure fast enough.
How did the attacker outrank uniswap.org on Google?
By buying a sponsored ad slot. Google Ads sells the position above organic results. Anyone with a clean-looking Ads account can target the keyword "uniswap" and outbid the protocol or appear when Uniswap is not actively bidding. Google's brand-impersonation filter does not catch every lookalike landing page, especially when the affiliate rotates LLC names and creative every few days. Hayden Adams publicly called on Google to act on this exact pattern in late May 2026.
What is a Permit2 signature and why is it dangerous?
Permit2 is a real Uniswap contract that lets a wallet grant token-spending allowance to a third party by signing a typed message rather than sending an on-chain transaction. Legitimate apps use it for gas-free approvals. Drainers abuse it because a signature feels safer than a transaction (no gas, no popup confirming a value transfer) and most wallet UIs do not surface the unlimited-amount or far-future-deadline parameters clearly. Once signed, the attacker can call execute later and sweep every approved token in one batched transaction.
How can I tell a Punycode lookalike URL from a real one?
Click the address bar and look at the full URL. Modern Chrome and Firefox display the punycode-encoded form (starts with xn--) when the unicode script mix looks unusual. If the URL flips to xn--... when you click in, the page is using non-Latin characters that look like Latin ones. Real uniswap.org is pure ASCII. Better yet, never reach DEXes from search results. Bookmark the real domain and reach it from the bookmark only.
Can I recover the $400K if I was the victim?
Direct recovery from the drainer wallet is almost never possible. The funds get bridged through mixers (Tornado Cash on the source chain or eXch on alt-chains) within minutes. Realistic paths are: file with FBI IC3, report on Chainabuse, alert the relevant DEX team (Uniswap Labs has a dedicated address for these reports), and notify any centralized exchange the funds touched so they can freeze if the attacker tries to off-ramp. Recovery scams promising guaranteed recovery for an upfront fee are themselves scams. Do not pay any third party promising to "trace" or "recover" funds.
Does SafeBrowz block fake Uniswap sites before the wallet popup?
Yes. Layer 1 local detection runs before the page renders, so the SafeBrowz danger overlay appears before the page can request a wallet signature. Uniswap is in the 550+ brand database. Punycode and Cyrillic homograph detection catches the standard AngelFerno URL pattern. Premium adds AI deep scan and drainer-script signature matching for new affiliate domains the moment they go live. Free version covers the majority of known patterns. Install link is at the top and bottom of this page.
Last updated 2026-05-30