Aave Users Targeted In Google Ads Phishing Scam A Day After Platform Hit $60 Billion Net Deposit Mark

On Wednesday, decentralized liquidity protocol Aave (AAVE) became the first DeFi platform to accumulate $60 billion in net deposits, an all-time high, across 14 blockchains. Aave’s net deposits have more than tripled since reaching $18 billion in August 2024.

Net deposits refer to the difference between total supplied assets and borrowed assets. When this metric is positive, it indicates that more money is being lent than borrowed, reflecting capital inflows and rising user confidence.

According to data from DefiLlama, the total value locked on the platform has increased by more than 45% since early July, while network fees rose from $48 million in June to $65 million last month. Aave’s protocol revenue is also up, highlighting heightened usage and borrower activity.

Net Deposits on Aave Hit $60 Billion – Scammers Take the Opportunity to Launch Phishing Attack on Users

However, just a day after Aave achieved the milestone, which was framed by the protocol’s founder, Stani Kulechov, as evidence of growing interest in DeFi, scammers launched a phishing campaign targeting its users. Blockchain security firm PeckShield was the first to alert the crypto community to the ongoing attack, which involved bad actors sharing malicious links impersonating Aave via Google Ads to attract victims and drain their wallets.

#PeckShieldAlert Fake "Aave" ads are topping Google search results.

The phishing site is aaxe[.]co[.]com.

The ads are designed to drain your wallet through malicious transaction signatures. pic.twitter.com/LdVHMflFAT

— PeckShieldAlert (@PeckShieldAlert) August 7, 2025

Phishing scams trick crypto users into revealing sensitive information, such as private keys, seed phrases, or login credentials, by posing as trusted or known crypto platforms.

When an unsuspecting Aave user or crypto investor clicks on the link, it will redirect to a website that closely resembles the real platform and asks them to connect their wallets to its services. Once a wallet has been linked to the phishing website, it will allow hackers to access and transfer all funds stored within it through malicious transaction signatures. Such transactions are often irreversible and may result in permanent loss of funds.

While losses sustained from the ongoing attack are yet to be confirmed, it is particularly concerning due to its high reach, as it is being propagated through a major internet advertising platform. As of 2025, Google Ads commands nearly 70% of the global pay-per-click (PPC) market, making it the dominant player in digital advertising.

Aave has been targeted by scammers several times in the past. In October 2024, a sophisticated phishing attack involving a high-value wallet holder on the platform resulted in the loss of approximately $2.28 million worth of Aave-wrapped DAI (aEthsDAI) tokens. The victim was tricked into granting an unlimited token approval to a malicious contract that was not yet deployed. Once the smart contract was activated, it granted the attacker full access to the wallet, eventually draining it.

The attacker transferred approximately 2.229 million aEthsDAI tokens from the victim’s wallet to their own address. Additionally, they acted on the victim’s behalf and instructed Aave to mint 67 aEthsDAI, manipulating the victim’s position within the DeFi lending protocol. The bad actor used the stolen tokens as collateral on Aave to borrow other assets, thereby obfuscating the original path of the funds.

In 2023, the protocol’s Earning Farm contract was compromised in a reentrancy attack, which resulted in the theft of $287,000 worth of Ether (ETH).

Hacker Steals $3.05 Million in Aave-Wrapped USDT From EIP-7702 Upgraded Wallet

In a separate incident, a highly sophisticated phishing attack resulted in the loss of over $3.05 million in Aave-wrapped USDT (aEthUSDT) for a single crypto trader. This victim unknowingly signed a malicious transaction that granted the hacker full access to their wallet. 

According to cybersecurity firm ScamSniffer, the affected individual thought they were interacting with a seemingly legitimate token swap operation on the Uniswap decentralized exchange (DEX), only to later find out that it was flagged as malicious on the blockchain explorer BscScan. The attack exploited a vulnerability in Ethereum wallet addresses that had upgraded to the new EIP-7702 standard.

After the transaction was signed, the scammer wasted no time in moving the stolen aEthUSDT into another wallet that was previously linked to similar heists. The scam demonstrated how quickly wallets can be drained once access is granted.

This breach is not an isolated event, as just a few days ago, another EIP-7702 wallet lost $66,000 in crypto through a batch transfer exploit disguised as a swap transaction on Uniswap. Merely 18 hours later, a second wallet fell prey to the same operation and lost $33,000 worth of assets.

Also Read: Crypto Hacks in July 2025 Hit $142M Across 17 Attacks as Insider Threats and Phishing Surge

Precautions to Prevent Crypto Phishing Attacks

To prevent phishing scams, investors have been advised to double-check the website URLs of DeFi platforms before executing operations such as depositing funds and linking wallets. In case of a compromise, investors should immediately transfer their assets to a secure wallet. They must reach out to the respective service provider through official channels and revoke any wallet approvals via services like Revoke.cash. 

Never reuse compromised wallets to store or deposit crypto, as scammers are likely to monitor these wallets and attempt to cash out any remaining funds. Investors should also disconnect their wallets from phishing websites.

At the time of writing, Aave (AAVE) is trading at $272.80, up 7.26% in the last 24 hours.