Scammers advertise fake Uniswap L2 on Google amid Unichain hype

As the buzz around crypto exchange Uniswap's new Ethereum Layer 2 builds, scammers have taken advantage of the situation to advertise a fake website on Google claiming to promote the network.

The website was first found on unlchalindefi.[.]com, claims to be the official site of the Uniswap Unichain network. But in fact, it did not provide a new network for user-friendly applications.

Instead, it stole all of the user's encryption and passed it on to the site's developers, who were not affiliated with Uniswap, according to a warning on Web3 Wallet MetaMask.

At the time of writing, the website has been taken down, suggesting that the hosting service may have discovered the scam and decided to end support. However, the method used in the scam shows common pitfalls that Web3 users should avoid in order to protect their money.

On October 10, Uniswap Labs, the developer of Uniswap, announced the launch of a testnet for the upcoming Ethereum layer 2 called “Unichain”. The new network will eventually feature a block-building protocol that allows transactions to “feel” like they were processed in 250 milliseconds, the announcement said. In addition, “seamless multi-chain exchange”, allows traders to gain more liquidity and avoid slippage.

An announcement published on the group's official blog at Uniswap.org stated that Unichain's mainnet is coming “later this year.” Only one testnet was starting immediately.

On the day of the announcement, Uniswap Labs launched an official website for the new network at Unichain.org. However, over the next few days, this website failed to reach the top of Google search results for the term “Unichain” as it was overshadowed by a very popular blog post advertisement.

Related: Uniswap Labs, UNI Holders Could Earn $468M Annually From New L2: DeFi Report

The scammers seem to have realized that the website's lack of domain authority created an opportunity. They created a version of the page that looked correct, except it showed a “Connect” button that should have been “Get Started” and a “Bridge” button that should have been “Read the docs”.

They then bought ads from Google, allowing them to place their site at the top of Google search results, despite having a disclaimer that the site's placement was “sponsored”. The ad provided a URL to the real Unichain website but redirected users to a fake site URL if they clicked on it.

Google later removed this ad and returned the blog post to the top of search results. Since the real Unichen website is not featured in search results during this period, the scam can be difficult for users to spot, especially if they are in a hurry.

Blockchain analytics platform Scam Sniffer found the misleading search results on October 15 and reported on X.

Cointelegraph reporters tested a fake website and app using an empty wallet. After clicking “Connect”, the site will ask for a wallet connection in the usual way. However, immediately after the connection was approved, the site started spamming the user with requests to confirm the transaction. If the transaction is rejected, the site immediately pushes the transaction back to the wallet. The only way to stop spam was to close the browser tab.

When you connect using MetaMask, every transaction contains a warning from Blockaid, “This is a fraudulent request. If you approve this request, a fraudulent third party will take all of your assets.

The scam seems to have gone down quickly, so it's possible that the scammers didn't manage to drain any wallets this time. However, the trick shows how easy it is for Web3 users to lose their money.

In general, Web3 users should not click on ads from Google protocols because these are often scam sites that have managed to bypass search engine filters. Additionally, when interacting with a new web application, fraudsters often count on users to click “Verify” without thinking, so they need to scrutinize transactions to make sure they understand what they're authorizing.

The malicious transaction attempted to make a function call to an address ending in 0000. This account interacted with several accounts labeled “fake_phishing” by Eterscan, indicating that it is extremely risky to transact with it.

Magazine: Plus Token May Sell $1.3B ETH: ‘Crypto King' Arrested: Asia Express

According to the Unichain documentation, the testnet is only in the development stage. This means that users can only link funds from other test networks such as Sepolia. Any site that claims to allow users to connect to Unichain from the mainnet is probably a scam.

In its announcement, Uniswap said it plans to launch the main network “by the end of this year,” at which point end users should be able to connect their assets to other networks.

Although Google has tried to build better filters to stop fake ad fraudsters, it has created a constant threat to Web3 users. In December, Scam Sniffer released a report that revealed that attackers used the technique to extort more than $59 million from users.