A new phishing campaign is targeting cryptocurrency users by impersonating Aave, one of the most widely used decentralized finance platforms. On June 20, web3 security firm Scam Sniffer issued a warning that fake Aave ( AAVE ) ads were appearing at the top of Google search results. These ads lead users to malicious websites intended to steal funds, tricking them into signing harmful transactions. The phishing websites closely resemble Aave’s official platform in terms of user interface and misleading domain names. After connecting a wallet, users are asked to authorize transactions that can steal assets without them noticing. This kind of scam is hard to spot without technical scrutiny and relies on users’ trust in the top search engine results. 🚨 ALERT: Fake "Aave" ads top Google search results right now! ⚠️ These phishing ads are designed to drain your wallet through malicious transaction signatures. pic.twitter.com/tjoY85vckA — Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) June 20, 2025 The incident resembles a trend observed in 2024, when several high-profile phishing scams resulted in significant losses for the cryptocurrency industry. In one notable case, a fake XRP ( XRP ) airdrop campaign impersonated Ripple’s CEO and promoted a fraudulent giveaway that directed users to phishing websites. You might also like: Tether CEO announces server-free password manager after 16 billion data breach Another popular campaign used Google Play sponsored ads to target MetaMask users, resulting in wallet compromises and credential theft. Due to the development of sophisticated techniques such as malicious ad placements, phishing has emerged as one of the most dangerous threats in the digital asset ecosystem. Adding to the concern, on June 19, Cybernews reported the exposure of 16 billion login credentials, harvested by infostealer malware and stored in unprotected cloud databases. These include login credentials for websites such as GitHub, Apple, Google, and Telegram. Several collections of login credentials reveal one of the largest data breaches in history, totaling a humongous 16 billion exposed login credentials. The data most likely originates from various infostealers. Unnecessarily compiling sensitive information can be as damaging as… — Cybernews (@CyberNews) June 19, 2025 Although it isn’t directly related to the Aave phishing scheme, this leak could give attackers a wealth of data to start credential-stuffing attacks and more focused phishing campaigns. Users are cautioned against using search engines to access cryptocurrency platforms. Instead, they should use verified URLs or saved bookmarks. Additional risk mitigation measures include utilizing hardware wallets, turning on multi-factor authentication, and avoiding storing seed phrases in cloud services. The Aave impersonation scam highlights a persistent security gap in online advertising. Sites like Google and Meta have come under fire for allowing bad actors to profit from sponsored ad placements. As phishing techniques advance, users will need to be protected by more stringent platform-level controls and increased awareness within the crypto community. Read more: Nobitex hackers leak full source code after $100m crypto heist
