According to Cointelegraph: As Uniswap Labs introduced its new Ethereum Layer 2 network, Unichain, opportunistic scammers capitalized on the buzz by promoting a fake Unichain website via Google ads. The scam site aimed to steal users' cryptocurrency by mimicking Uniswap’s official page, presenting another example of how Web3 users must stay vigilant.
Fake Unichain Website Targets Uniswap Users
On October 10, Uniswap Labs announced the launch of the Unichain testnet, promising fast transactions and multichain swaps. While the legitimate testnet site went live at Unichain.org, scammers launched a fake site at unlchalindefi[.]com, redirecting traffic from Google advertisements.
The fraudulent site imitated Unichain’s branding but altered key elements—such as replacing the “Get Started” button with a “Connect” button. Users who connected their wallets were spammed with malicious transaction requests aimed at draining their funds.
Google Ad Exploit Increases Risk
The scam site briefly topped Google search results through sponsored ads, which deceptively displayed the URL for the legitimate Unichain website. Upon clicking the ad, users were redirected to the malicious page. This exploit highlighted how scammers use Google ads to bypass search engine filters and target Web3 users.
MetaMask and Scam Sniffer Alerts
Users connecting through MetaMask received warnings from Blockaid, alerting them to the scam’s attempt to steal their assets. Additionally, Scam Sniffer, a blockchain analytics platform, identified the scam and flagged it on social media.
How the Scam Worked
Once a user connected their wallet to the fake site, the website spammed them with transaction requests. Even when rejected, the site continuously sent new requests, making it difficult for users to exit without closing the browser tab. The transactions were tied to an address flagged by Etherscan as a phishing account, increasing the risks of interaction.
Google Takes Action, but Threats Persist
The scam ad was removed by Google shortly after it was reported, restoring Uniswap’s official blog post to the top of search results. However, the brief visibility of the fake site underscored how easy it is for users to fall victim to such schemes. Google’s ongoing challenges in preventing these scams raise concerns about Web3 security.
Uniswap's Real Unichain Testnet Still in Development
It’s important to note that Unichain is currently in testnet mode, meaning that no real funds should be transferred to it. As of now, Uniswap’s official announcement confirmed that mainnet support will launch later in 2024, enabling users to bridge assets securely at that time. Any website claiming to offer mainnet bridging capabilities to Unichain is likely fraudulent.
How to Stay Safe from Web3 Scams
With phishing scams becoming more sophisticated, users must follow these best practices to protect their funds:
Avoid Google Ads for Protocols: Many scam sites appear as sponsored ads, bypassing search engine filters. Stick to official announcements and trusted sources.
Check URLs Carefully: Ensure you are accessing the official website by verifying URLs and avoiding redirects.
Use Wallet Warnings: Pay attention to MetaMask or other wallet alerts that flag suspicious transactions.
Inspect Transactions: Always review transaction details carefully before confirming to avoid approving malicious actions.
Testnet vs. Mainnet Awareness: Be aware of which networks are still in testnet phases to avoid falling for scams claiming mainnet access.
A Persistent Threat in Web3
The fake Unichain site is a reminder of the persistent risks Web3 users face. As Uniswap continues its development and prepares to launch the mainnet version of Unichain, users should remain cautious and rely only on official channels for updates. Despite Google's efforts to prevent such scams, attackers continue to exploit loopholes, making user awareness essential to staying safe in the decentralized finance ecosystem.
In December 2023, Scam Sniffer reported that more than $59 million was stolen through fraudulent ads over nine months, illustrating the scale of this ongoing threat. As the Web3 landscape evolves, vigilance will be critical to ensuring safe adoption and participation in new protocols.