A day after Aave reached $60B in deposits, scammers used Google Ads for a phishing attack, stealing an undisclosed amount of crypto.
Aave recently became the first to reach $60 billion in net deposits. The celebration was short-lived, however, because just a day after the announcement, scammers launched a phishing attack that targeted Aave users through Google Ads.
How the Aave Phishing Attack Exploited Google Ads
The phishing campaign targeting Aave used a common but dangerous scam method. The bad actors behind the scam created fake websites that looked similar to Aave’s real platform.
They then promoted them using Google Ads.
#PeckShieldAlert Fake "Aave" ads are topping Google search results.
The phishing site is aaxe[.]co[.]com.
The ads are designed to drain your wallet through malicious transaction signatures. pic.twitter.com/LdVHMflFAT
— PeckShieldAlert (@PeckShieldAlert) August 7, 2025
When users searched for Aave, these ads would then appear at the top of the results. And when clicked, users would get directed to the scam site where they would be prompted to connect their crypto wallets.
If a user complied, the scammers gained access to their funds and could drain the wallet completely. These attacks are especially dangerous because blockchain transactions are irreversible. This means that once the funds are gone, they can’t be recovered.
Why This Attack Matters for the DeFi Space
Aave’s growth shows how much trust it has gained in the DeFi ecosystem. The platform saw deposits rise from $18 billion last year to $60 billion as of writing across 14 different blockchain networks.
This success makes Aave the perfect target for scammers. As new investors flood in, criminals see an opportunity to launch scam campaigns like this one and cash in. According to security firm PeckShield, the Aave attack is part of a larger trend of advertisement-based phishing scams.
This isn’t the first time crypto scammers have used this method. Some time last year, attackers used Google Ads to impersonate Revoke.cash, which is a site used to remove wallet permissions.
Yesterday, we received reports of people seeing unknown approval transactions in their transaction history.
It turns out that this is a new scam where scammers use so-called gas tokens to steal money when victims revoke these "fake approvals". pic.twitter.com/vpY2sGIv0T
— Revoke.cash (@RevokeCash) July 9, 2023
That campaign led to hundreds of thousands of dollars in stolen funds by the time it was discovered.
How to Spot and Avoid Aave Phishing Scams
It’s easy to get caught in a phishing trap, especially when it’s advertised on Google. However, there are steps every user can take to stay safe.
Firstly, don’t trust ads blindly; even if an ad appears at the top of your search results, it could be fake. In addition, scammers often use subtle misspellings (like aaxe.com or aaave.org) to disguise the scam URL as a real one..
Finally, if you’re unsure about a website, do not connect your wallet. Instead, leave the page immediately.
If you believe you’ve clicked on a phishing link or connected your wallet to a fake platform, you should act fast.
Transfer your funds immediately to a secure wallet and use tools like Revoke.cash to remove any permissions you may have granted. Finally, stop using the compromised wallet. Scammers tend to monitor these wallets for years until the perfect opportunity emerges.
These steps won’t undo the damage if funds are already stolen. However, they can help prevent further loss.
Why Phishing Attacks Are Becoming Harsher
The rise in scams can be attributed in part to advancements in AI. Criminals are using tools like AI-generated content, fake social proof and aged online accounts to build trust.
Some YouTube channels even post AI-generated tutorials that promote fake smart contracts and trading bots. This combination of fake credibility and well-placed ads tricks users into a false sense of security.
Last year alone, crypto users lost more than $4.6 billion to scams. Interestingly, nearly 40% of the harshest thefts involved AI-generated tools. This shows how scalable phishing attacks are becoming and emphasises the need for security even more.
