Aave Users Targeted in Google Ads Phishing Scam After $60B Deposit Milestone

Generated by AI Agent Coin World
Thursday, Aug 7, 2025 6:37 am ET
Summary

- Aave users targeted by Google Ads phishing scam leading to fake aave.co.com site.

- Attackers trick victims into linking wallets, exploiting smart contracts to drain funds without private keys.

- Scam occurred days after Aave hit $60B in deposits; one user lost $3.05M via malicious contract.

- Experts advise verifying URLs, using Revoke.cash, and hardware wallets; Google bans 90 fake crypto apps.

- DeFi phishing tactics evolve; user vigilance and education critical to mitigate risks.

Aave users have fallen victim to a sophisticated phishing campaign leveraging Google Ads to direct them to fraudulent DeFi websites. The scam involves fake advertisements appearing at the top of Google search results for Aave, leading users to a deceptive domain — aaxe.co.com — designed to mimic the real Aave platform. On August 7, 2025, blockchain security firm PeckShield issued an alert highlighting this threat, noting that the fake site closely resembles the authentic one, making it difficult for users to distinguish between the two [1].

The phishing tactic works by tricking users into connecting their digital wallets to the fake site. Once linked, attackers exploit smart contracts to drain funds without requiring private keys. Instead, victims are manipulated into approving transactions that grant the scammer's address access to their wallets. This type of attack is particularly dangerous in DeFi ecosystems, where transactions are irreversible and protections are limited [1].

The timing of the scam is concerning, as it occurred just days after Aave reported reaching $60 billion in net deposits, a significant milestone for the protocol. Scammers often capitalize on moments of heightened interest, using urgency or false incentives to lure users into compromising their accounts [1]. In a recent case, an individual who clicked on a phishing link and authorized a suspicious transaction lost approximately $3.05 million in USDT. The attack was facilitated by a malicious smart contract that mimicked legitimate app behavior to deceive users into granting unlimited token access [2].

Phishing attacks have surged in the first week of August 2025, with multiple incidents involving fake airdrops, compromised frontends, and malicious Discord bots. These attacks often exploit design patterns and user behaviors, such as creating a sense of urgency or offering exclusive rewards. Once a wallet is linked and a transaction is approved, attackers can quickly execute large-scale withdrawals before the victim even realizes their assets are at risk [3].

Security experts have stressed the importance of user vigilance in the DeFi space. Best practices include verifying URLs before connecting wallets, using tools like Revoke.cash to monitor and revoke permissions, and double-checking transaction details before approving them. Hardware wallets are recommended for storing large balances due to their added security layers. Additionally, staying informed through educational platforms such as unphishable.io can help users recognize and avoid emerging threats [4].
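To make "double-checking transaction details before approving them" concrete, here is an added Python example (not code from the article or from any tool it names) that decodes the calldata of an ERC-20 approval request and flags the two conditions described above: an unfamiliar spender and an effectively unlimited allowance. The trusted-spender list, the "unlimited" threshold and all addresses are constructed assumptions.

```python
# Added example: decode ERC-20 approval calldata and flag risky grants.
# Keys are the standard 4-byte selectors of these ERC-20 function signatures.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
# Assumption: any amount at or above 2**255 is treated as effectively unlimited.
UNLIMITED_THRESHOLD = 2**255


def decode_approval(calldata_hex):
    """Return (function, spender, amount), or None if this is not an approval call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in APPROVAL_SELECTORS:
        return None
    if len(args) < 128:
        raise ValueError("truncated approval calldata")
    # ABI encoding: one 32-byte word per argument; an address is the low 20 bytes.
    spender = "0x" + args[24:64]
    amount = int(args[64:128], 16)
    return APPROVAL_SELECTORS[selector], spender, amount


def review_approval(calldata_hex, trusted_spenders):
    """Return warnings for a transaction the wallet is being asked to sign."""
    decoded = decode_approval(calldata_hex)
    if decoded is None:
        return []
    _, spender, amount = decoded
    warnings = []
    if spender not in {s.lower() for s in trusted_spenders}:
        warnings.append(f"spender {spender} is not on the trusted list")
    if amount >= UNLIMITED_THRESHOLD:
        warnings.append("allowance is effectively unlimited")
    return warnings


# Constructed sample data (placeholder addresses, not real contracts).
TRUSTED = ["0x" + "11" * 20]
UNLIMITED_APPROVE = "0x095ea7b3" + ("22" * 20).rjust(64, "0") + "f" * 64
BOUNDED_APPROVE = "0x095ea7b3" + ("11" * 20).rjust(64, "0") + format(500 * 10**6, "064x")

if __name__ == "__main__":
    for tx in (UNLIMITED_APPROVE, BOUNDED_APPROVE):
        print(decode_approval(tx), review_approval(tx, TRUSTED))
```
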

Google has taken measures to address crypto-related scams on its platform, including lawsuits, bans, and policy changes. In early 2024, the company sued two individuals for promoting fake crypto investments through apps on Google Play, disabling 90 fraudulent apps that had accumulated nearly 100,000 downloads. In 2023, Google reported blocking 5.5 billion ads and suspending 12.7 million advertiser accounts for scam-related violations [1]. However, despite these efforts, scammers continue to find ways to bypass filters and promote phishing sites through Google Ads.

The recent Aave phishing case underscores the persistent risks in the DeFi space. As phishing tactics evolve, so must the strategies to combat them. Both users and platform developers must remain proactive in identifying and mitigating these threats. The DeFi ecosystem’s reliance on user responsibility makes education and awareness even more critical in preventing future attacks [4].

Source:

[1] Aave hit by phishing attack day after reaching $60B in net ... (https://cointelegraph.com/news/aave-investors-targeted-phishing-attack-google-ads)

[2] Phishing Link Leads to $3M Loss in Crypto Scam Case (https://www.coingabbar.com/en/crypto-currency-news/investor-loses-3m-in-latest-crypto-scam-with-one-click?srsltid=AfmBOoqe3ycyCp8faiY-b3-OWv_Kn06bNz1Q4ao7kw60R5Yfq9wAnnyA)

[3] Binance Market Insights: Trends on August 7, 2025 (https://m.economictimes.com/crypto-news-today-liveblog/123149180.cms)
