Fake Aave ads top Google top search results again, targets investors with phishing links
A fresh wave of fake Aave ads has surfaced at the top of Google search results, pushing a phishing site designed to trick users into signing malicious transactions that drain their crypto wallets.
Summary
- Fraudulent sponsored ads on Google are targeting Aave users.
- The scam mimics Aave’s official site and tricks users into connecting wallets and signing malicious transactions.
- Phishing scams have already drained over $600 million from investors this year alone.
Blockchain security firm PeckShield Alert flagged the threat in an August 7 post, warning that the deceptive ad links lead to a compromised platform designed to imitate the original Aave (Aave) website.
Once clicked, the fake site prompts users to connect their wallets and approve what appear to be normal transactions. But those approvals hand over control to attackers, who can then siphon assets directly from users’ wallets.
This isn’t the first time security experts have raised this alarm. Back in June, Scam Sniffer issued a similar warning about fake Aave ads ranking high on Google search results, urging investors to exercise caution.
Other phishing campaigns have followed a similar playbook. One such scheme promoted a fake YouTube airdrop campaign claiming to offer free Ripple (XRP), featuring a deepfake video impersonating the company’s CEO. crypto.news also reported earlier that an unsuspecting investor recently lost roughly $900,000 to a similar scheme, underscoring the high-scale impact of these acts.
The recurring trend highlights how phishing remains one of the most common ways malicious actors target the crypto industry, with their tactics growing more sophisticated by the day.
Phishing scams hit record high in 2025
A recent Web3 security report from Hacken revealed that phishing and social engineering attacks have already hit a new all-time high in 2025, racking up $600 million in losses. This figure surpasses the full-year total for 2024, making this year one of the worst yet.
Malicious actors deploy all forms of sophisticated tactics, from flooding social media with fake giveaway promotions to impersonating trusted platforms with near-perfect clones, all designed to quietly drain funds once interacted with.
The largest single involved an elderly U.S. investor losing $330 million in BTC to one such sophisticated scheme. Users of crypto exchanges like Coinbase were also targeted, resulting in losses reaching $100 million.
With these tactics growing more polished, the need for stronger security measures and sharper user awareness is more urgent than ever.
How to stay safe
Investors are advised to be extra cautious when navigating crypto-related platforms, especially as even trusted search engines like Google are now being hijacked. Compromised clones often look nearly identical to real websites, but a few simple steps can help you avoid costly mistakes:
- Avoid clicking on sponsored ads, even if they appear at the top of your search: Phishing links are often disguised as trusted platforms but can redirect you to dangerous sites.
- Always double-check the URL: Fake sites often include subtle typos or extra characters. These small edits are red flags
- Be cautious when connecting your wallet: If a site prompts you to approve a transaction without clear context, stop and verify before proceeding.
- Avoid sharing sensitive personal details: Passwords, private keys, and digital signatures should always remain private. No legitimate platform will ever ask you to submit these.
