Fake Aave ads appear at the top of Google search results, prompting fears of phishing attacks

2025/06/20 17:18
A new phishing campaign is targeting cryptocurrency users by impersonating Aave, one of the most widely used decentralized finance platforms.

On June 20, web3 security firm Scam Sniffer issued a warning that fake Aave (AAVE) ads were appearing at the top of Google search results. These ads lead users to malicious websites that aim to steal funds by tricking them into signing harmful transactions.

The phishing websites closely mimic the user interface of Aave’s official platform and use misleading domain names. After connecting a wallet, users are asked to authorize transactions that can steal assets without their noticing. This kind of scam is hard to spot without technical scrutiny and relies on users’ trust in top search engine results.

The incident resembles a trend observed in 2024, when several high-profile phishing scams resulted in significant losses for the cryptocurrency industry. In one notable case, a fake XRP (XRP) airdrop campaign impersonated Ripple’s CEO and promoted a fraudulent giveaway that directed users to phishing websites. 

Another popular campaign used Google Play sponsored ads to target MetaMask users, resulting in wallet compromises and credential theft. Due to the development of sophisticated techniques such as malicious ad placements, phishing has emerged as one of the most dangerous threats in the digital asset ecosystem.

Adding to the concern, on June 19, Cybernews reported the exposure of 16 billion login credentials, harvested by infostealer malware and stored in unprotected cloud databases. These include login credentials for websites such as GitHub, Apple, Google, and Telegram. 

Although it isn’t directly related to the Aave phishing scheme, this leak could give attackers a wealth of data with which to launch credential-stuffing attacks and more focused phishing campaigns.

Users are cautioned against using search engines to access cryptocurrency platforms. Instead, they should use verified URLs or saved bookmarks. Additional risk mitigation measures include utilizing hardware wallets, turning on multi-factor authentication, and avoiding storing seed phrases in cloud services.
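The "verified URLs" advice can be enforced mechanically. The following is an added example, not part of the original article: it compares the host of a clicked link against an exact allowlist and flags the lookalike patterns the misleading domains rely on. The allowlist entries are assumed to come from the user's own saved bookmarks, and every sample URL in the comments and tests is constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts the user has verified out of band (e.g. from a saved bookmark).
VERIFIED_HOSTS = {"aave.com", "app.aave.com"}
BRAND = "aave"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'verified' only on an exact host match; otherwise say why not."""
    parts = urlsplit(url)
    # .hostname is lowercased and excludes any "user@" prefix and port,
    # so "https://app.aave.com@other.example/" is judged as other.example.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https" or not host:
        return "reject: not https"
    if host in VERIFIED_HOSTS:
        return "verified"
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "suspicious: punycode label"
    # Brand embedded in a host that is not on the allowlist, e.g.
    # app.aave.com.login.example or app-aave.example (constructed).
    if any(BRAND in label for label in labels):
        return "suspicious: brand name in unverified host"
    if any(edit_distance(label, BRAND) <= 1 for label in labels if len(label) >= 3):
        return "suspicious: near-miss of brand name"
    return "unverified"


def triage(urls):
    """Map each URL to its verdict; only 'verified' should ever be opened."""
    return {u: classify(u) for u in urls}
```

Exact matching is deliberate: a suffix or substring test would accept a host such as `app.aave.com.login.example`, whose registrable domain belongs to someone else.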

The Aave impersonation scam highlights a persistent security gap in online advertising. Sites like Google and Meta have come under fire for allowing bad actors to profit from sponsored ad placements. As phishing techniques advance, users will need to be protected by more stringent platform-level controls and increased awareness within the crypto community.

