Google mistakenly promoted a fake version of the Unichain website that spammed users with requests to drain their wallets.
Analysis
As the buzz around crypto exchange Uniswap’s new Ethereum layer 2 builds, scammers have taken advantage of the situation by advertising a fake website on Google that claimed to promote the network.
The website, originally located at unlchalindefi[.]com, claimed to be the official site for Uniswap’s Unichain network. But in reality, it did not offer a new network with user-friendly apps.
Instead, it stole all of the user’s cryptocurrency and transferred it to the site’s developers, who were not affiliated with Uniswap at all, according to warnings presented in the Web3 wallet MetaMask.
As this article was being written, the website was taken down, indicating that its hosting service may have discovered the scam and decided to stop supporting it. However, the technique used in the scam illustrates common pitfalls that Web3 users will need to avoid in order to preserve their funds.
On Oct. 10, Uniswap Labs, Uniswap’s developer, announced that it had launched a testnet for an upcoming Ethereum layer 2 called “Unichain.” The new network will eventually feature a block-building protocol that will allow transactions to “feel” as if they have been processed in 250 milliseconds, the announcement stated. In addition, it will allow “seamless multichain swapping,” letting traders access greater liquidity and avoid slippage.
The announcement, which was published on the team’s official blog at Uniswap.org, stated that a mainnet for Unichain was coming “later this year.” Only a testnet was launching immediately.
On the day of the announcement, Uniswap Labs also launched an official website for the new network at Unichain.org. However, over the next few days, this website failed to reach the top of Google search results for the term “Unichain,” as it was overshadowed by the much more popular blog post announcement.
The scammers seem to have realized that the website’s lack of domain authority presented an opportunity. They created a version of the site that looked exactly like the real one, except that it featured a “connect” button where “get started” should have been and a “bridge” button where “read the docs” should have been.
They then purchased advertising from Google, allowing them to place their site at the top of Google search results, albeit with the disclaimer that the site’s placement was “sponsored.” The advertisement featured the URL for the real Unichain website but redirected users to the fake site’s URL if they clicked on it.
Google later removed this advertisement, restoring the blog post to the top of search results. Because the real Unichain website was not featured in search results during this time, the scam may have been especially difficult for users to spot, particularly if they were in a hurry.
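Because the ad displayed the real URL and only the landing page differed, the hostname worth checking is the one the browser actually ends up on. The sketch below is an added example, not code from Cointelegraph, Scam Sniffer or Uniswap; it compares a landing hostname against the official domain named above and flags near-matches, with the function names and the two-edit threshold chosen here as assumptions.

```javascript
// Added example: classify a landing-page hostname against an official domain.
const OFFICIAL = "unichain.org"; // official site named in the article

// Levenshtein edit distance between two short strings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(
        prev[j] + 1, // delete from a
        cur[j - 1] + 1, // insert into a
        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1) // substitute or match
      );
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns "official", "lookalike" or "unrelated".
// Accepts plain or defanged ("[.]") hostnames; maxEdits is an assumed threshold.
function classifyHost(host, official = OFFICIAL, maxEdits = 2) {
  const h = host.toLowerCase().replace(/\[\.\]/g, ".").replace(/\.$/, "");
  if (h === official || h.endsWith("." + official)) return "official";
  const brand = official.split(".")[0];
  // Slide windows of near-brand length over each label so that padding such
  // as a "defi" suffix does not hide a misspelled brand name.
  for (const label of h.split(".")) {
    for (let len = brand.length - 1; len <= brand.length + 1; len++) {
      for (let i = 0; i + len <= label.length; i++) {
        const window = label.slice(i, i + len);
        if (editDistance(window, brand) <= maxEdits) return "lookalike";
      }
    }
  }
  return "unrelated";
}

// The defanged hostname reported in the article.
console.log(classifyHost("unlchalindefi[.]com"));
```
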
Blockchain analytics platform Scam Sniffer discovered the deceptive search results on Oct. 15 and reported them on X.
Cointelegraph reporters tested the fake website and app using an empty wallet. After pressing “connect,” the site requested a wallet connection in the usual manner. However, immediately after the connection was approved, the site began spamming the user with requests to confirm a transaction. If the transaction was rejected, the site immediately pushed the transaction back to the wallet again. The only way to stop the spam was to close out the browser’s tab.
When connecting using MetaMask, each transaction contained a warning from Blockaid stating, “This is a deceptive request. If you approve this request, a third party known for scams will take all of your assets.”
The scam appears to have been taken down quickly, so it’s possible that the scammers were unable to drain any wallets this time. However, the technique illustrates just how easy it is for Web3 users to lose their funds.
In general, Web3 users should not click on advertisements for protocols from within Google, as these are often scam sites that have managed to circumvent the search engine’s filters. In addition, when interacting with a new web app, they should consider carefully inspecting transactions to make sure that they understand what they are approving, as scammers often count on users clicking “confirm” without thought.
The malicious transaction attempted to make a function call to an address ending in a0000. This account has interacted with numerous accounts labeled as “Fake_Phishing” by Etherscan, indicating that transacting with it is extremely risky.
According to Unichain’s documents, it is only in a testnet phase of development. This means that users can only bridge funds to it from other testnets such as Sepolia. Any site that claims to allow users to bridge from a mainnet to Unichain now is probably a scam.
In its announcement, Uniswap claimed that it intends to launch a mainnet “later this year,” at which point end-users should be able to bridge their assets from other networks onto it.
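The two checks described above, reading what a transaction actually asks for and treating a mainnet request from a testnet-only project as a red flag, can be expressed as a small triage routine. This is an added example, not MetaMask's or Blockaid's logic; the function names, the sample request and its placeholder addresses are constructed, while the selectors are the standard ERC-20 and ERC-721 ones.

```javascript
// Added example: triage a wallet transaction request before confirming it.
// Standard ERC-20 / ERC-721 function selectors.
const SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",
  "0x39509351": "increaseAllowance(address,uint256)",
  "0xa22cb465": "setApprovalForAll(address,bool)",
  "0xa9059cbb": "transfer(address,uint256)",
  "0x23b872dd": "transferFrom(address,address,uint256)",
};
const ETHEREUM_MAINNET = 1n;
const MAX_UINT256 = (1n << 256n) - 1n;

// Read the n-th 32-byte ABI word after the 4-byte selector, or null if absent.
function abiWord(data, n) {
  const start = 10 + 64 * n;
  const hex = data.slice(start, start + 64);
  return hex.length === 64 ? BigInt("0x" + hex) : null;
}

// tx: an eth_sendTransaction-style object with hex-string fields.
// siteIsTestnetOnly: true when the project has only launched a testnet.
function inspectRequest(tx, siteIsTestnetOnly) {
  const findings = [];
  const data = (tx.data || "0x").toLowerCase();
  const selector = data.length >= 10 ? data.slice(0, 10) : null;
  const name = selector ? SELECTORS[selector] : undefined;

  if (siteIsTestnetOnly && BigInt(tx.chainId) === ETHEREUM_MAINNET)
    findings.push("mainnet transaction requested by a testnet-only project");
  if (BigInt(tx.value || "0x0") > 0n)
    findings.push("transfers native currency out of the wallet");
  if (name) findings.push("token permission or transfer call: " + name);
  else if (selector) findings.push("unrecognized function " + selector);

  const isAllowance =
    name && (name.startsWith("approve") || name.startsWith("increaseAllowance"));
  if (isAllowance && abiWord(data, 1) === MAX_UINT256)
    findings.push("unlimited token allowance");
  if (name && name.startsWith("setApprovalForAll") && abiWord(data, 1) === 1n)
    findings.push("operator control over every token in the collection");

  return { selector, findings, needsReview: findings.length > 0 };
}

// Constructed sample: approve(spender, 2^256 - 1) requested on chain ID 1.
const SAMPLE_TX = {
  chainId: "0x1",
  to: "0x" + "22".repeat(20), // placeholder token contract, not a real account
  value: "0x0",
  data: "0x095ea7b3" + "11".repeat(20).padStart(64, "0") + "f".repeat(64),
};
console.log(inspectRequest(SAMPLE_TX, true));
```
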
Google ads for fake protocols have posed a constant threat to Web3 users despite Google’s continuing attempts to develop better filters to stop scammers. In December, Scam Sniffer released a report stating that attackers had drained over $59 million from users over nine months using the technique.
This article first appeared at Cointelegraph.com News