A DeFi trader lost a mid-six-figure portfolio in a single transaction after clicking a fake Uniswap Google ad tied to drainer Angelferno. Google faces backlash.
A DeFi trader operating under the handle @ika_xbt on X lost an entire mid-six-figure portfolio in a single transaction. One click. Gone.
The drain link traced back to an operator known as Angelferno. A fake Uniswap ad ran on Google. The trader clicked it, signed a transaction, and lost everything in seconds.
“Six figures. Gone. A drain link by the infamous Angelferno,” the trader wrote on X. Two Ledger hardware wallets. Two years of discipline. Wiped in one move.
The portfolio had survived the bear market. It had survived multiple market collapses. But it did not survive a malicious Google ad.
Must Read: Trust Wallet Security Hack: How to Safeguard Your Assets
Google Took the Money Too, Just Not the Way You Think
On-chain analyst ZachXBT flagged the situation on X, calling for accountability at the executive level. Google executives should face criminal liability, he argued, for the volume of theft these ads have made possible. Multi-nine-figure losses tied directly to Google Ads phishing scams, he said. Not a rounding error.
The mechanics are straightforward and brutal. Fraudsters buy Google Ad slots for searches like “Uniswap” or “DeFi swap.” Their fake site ranks above the real one. The user connects their wallet. A drain script empties it.
DeFiLlama developer 0xngmi called it out directly on X, noting years of building tools to prevent exactly this kind of loss. Five different products. None of them is enough. He pointed users toward http://search.defillama.com as a safer way to reach legitimate DeFi links without relying on Google search results.
“I’ve spent years trying to stop these losses,” 0xngmi wrote on X. The scale of the problem has outpaced the fixes.
You Might Also Like: $21M in Seized Bitcoin Returned After Authorities Freeze Transactions
The Slow Bleed Before the Final Drain
The trader behind this loss did not describe it as pure bad luck. In a detailed post on X, @ika_xbt described a chain of decisions that left him exposed. The bear market had not broken him directly. A Polymarket farming strategy did. It kept him active on-chain. It kept him clicking.
“Getting drained isn’t bad luck. It’s the final consequence of a long chain of bad decisions,” the trader wrote. That framing matters. Not because victims are to blame, but because the exposure came from overactivity. Chasing an airdrop on Polymarket pushed the wallet back into active use at exactly the wrong time.
The trade-off he described was sharp. Had he converted to BTC at the cycle top and gone offline, he would have had enough to retire from active speculation. Instead, he kept farming. The bag grew. So did the attack surface.
The loss, he noted, was not purely financial. It represented years of foregone career paths and opportunity costs that could not be measured in dollars alone.
Worth Reading: Ross Ulbricht and Silk Road: The Story That Shaped Bitcoin’s First Era
One Wallet, One Transaction, No Recourse
What makes this case notable is not the amount. Mid-six figures in DeFi is not uncommon. It is the mechanism. A Google-served advertisement delivered a drain script that cleared a carefully maintained, hardware wallet-protected portfolio in a single transaction.
ZachXBT’s estimate puts aggregate losses from this type of scam well past nine figures. That number continues to climb.
The advice from 0xngmi on X is direct: stop using Google to search for DeFi protocols. Use http://search.defillama.com instead. Bookmark real URLs directly. Never trust a sponsored result above a DeFi interface.
As for @ika_xbt, the path forward is offline for now. Find a job. Build stability first. Then, and only then, put capital at risk again.
