Google ad scammers are plaguing crypto firms — and some say Google should be doing more to help

Quick Take
- Google ad scammers have evolved over the years, and are now targeting DeFi platforms.
- Some crypto companies and security professionals say Google should be taking more action to combat these prevalent scams.
We'd love your feedback.
So, you want to try out a new “DeFi” service. Let’s say you want to make a trade using Balancer, the popular automated market maker. You Google “Balancer” and a Balancer ad appears at the top of the search results. You click, and arrive at Balancer’s website — or so you think.
In fact, it’s a phony Balancer site, designed to trick you into giving away access to your cryptocurrency. To use Balancer (the real one) you have to connect it to your MetaMask account, the Ethereum wallet service. The fake Balancer site prompts you to do just the same. Then, a prompt that appears to be from Metamask asks you to enter your private key.
If you are savvy enough, maybe this is when you realize it’s a scam: the real Metamask asks for a password, not a private key.
Either way, Google-based phishing scams — which have become a rampant problem in the cryptocurrency ecosystem — are catching all kinds of crypto users unaware.
MetaMask is well aware of this sort of scam, and does what it can to protect its users. The company keeps a running list of known phishing schemes. It also has developed a phishing detector tool that warns users if they try to visit known malicious sites. If a Metamask user clicks through to a page on the blocklist, they are first shown a “warning page” notifying them of the malicious site. Sometimes the user is automatically directed to the correct MetaMask page. Other times, users can choose to proceed to the malicious site at their own discretion.
To date, MetaMask has blocked a total of 10,954 known phishing websites, according to the company's founder Dan Finlay. From June to August this year alone, MetaMask saw 3,800 phishing detector page loads, meaning that 3,800 phishing attempts were prevented, said Finlay.
But that's not enough to stop the scammers, who are constantly creating new fake sites.
What's more, Balancer and MetaMask are far from the only services in the crosshairs. Companies throughout the crypto industry are struggling to cope with the scourge of Google-based scams. And some say Google itself should be doing much more to fix the problem.
An evolving threat
Scammers using Google to trick crypto users is not a new problem. The tactic first arose during the ICO boom in 2017, according to Harry Denley, director of security at MyCrypto. But in some ways, the problem is getting worse as the scammers refine their methods to stay one step ahead in what has essentially become a cat-and-mouse game.
Initially, scammers just used domain names that differed slightly from the real domain ones, said Denley. For example, in 2017, a scammer created "myetheriwallet.com" to mimic the legitimate domain name, "myetherwallet.com."
Over time, scammers started using non-English alphabet characters that, at a glance, pass as English letters to trick even more people. For instance, a scammer might replace the "i" in Uniswap with an "ī".
Now, Google ad scammers are using domain-masking techniques in their phony ads to show users legitimate domain names while directing those who click to a phony one. Denley said that this particular shift in technique appears more focused on DeFi-related platforms like Uniswap and its competitors.
The problem is difficult to quantify because users often don’t report getting scammed. “One of the hardest things is for victims to come forward and report their experience,” Denley said, adding that it's not just inexperienced users who are getting snared. “We have also seen a lot of experienced professionals falling victim to malicious Google ads and lost cryptocurrencies.”
Like MetaMask, other crypto companies that have become targets of Google ad scammers have been forced to develop their own defenses against them.
Kosala Hemachandra, CEO and founder of MyEtherWallet (MEW), said his company has two separate security teams devoted to monitoring and reporting scams. These teams are currently monitoring more than 2,100 domain names that are similar to MEW or found to be impersonating MEW’s visual interface, according to Hemachandra.
If they find a malicious website, the company will file a Digital Millennium Copyright Act (DMCA) complaint in addition to alerting Google. MEW adds 40 to 60 new sites to the list per week, said Hemachandra.
SatoshiLabs, which makes the popular wallet service Trezor, has also taken matters into its own hands, according to CEO Marek (Slush) Palatinus. After years of educating users about these dangers of fake ads and phishing sites via blog posts, newsletters, social media and video content, Trezor is now beta testing a new online platform that will help control phishing attempts.
Google's responsibility?
Palatinus said Trezor also works with other companies to control the spread of phishing websites, at the company's own expense.
But while this process can be effective, he said, it is too slow to protect every user. In that light, Google should be doing more, he said. “We would expect that this would be of a bigger priority for Google than it is.”
What should Google be doing differently? “The speed with which they deal with these issues is rather slow,” said Palatinus. “We believe they should improve their algorithms, have a better system in place for advertising approvals, and have a much faster mechanism of reporting and removing the scam ads."
MyEtherWallet’s Hemachandra said Google should be more proactive in seeking out bad actors. “Google doesn't do screenings for these ads unless someone complains that it is being used for phishing purposes or to scam someone," he said.
Compounding the problem is that scammers usually begin by hacking into other people’s Google accounts, which they then use to place their fake ads. “Unfortunately, actual Google account owners don't know phishers are using their accounts, and this has been happening for a while,” said Hemachandra.
Matt Marx, co-founder of PhishFort, an anti-phishing company, agreed that Google "is not doing enough" to combat ad scammers. The problem also extends beyond ads, he said. Google’s Play Store, Chrome Extension Store, Youtube, and Blogspot have all been repeatedly abused by scammers, said Marx, who added that he is working with the team at Google Safebrowsing to improve their detection and blacklisting algorithms.
“The brands that we see targeted are repeatedly targeted,” said Marx. “Brands that are repeatedly targets of these campaigns should be flagged as high risk and Google's internal ad review process should include this in their consideration.”
In an interview with The Block, a Google spokesperson declined to address crypto-specific ad scams, except to say that the company does not have separate criteria for dealing with them versus other kinds of ad scams. Still, the spokesperson called protecting users from ad scams and fraud “a key priority.”
“We have robust ad policies and prohibit advertisers from attempting to conceal their identity or impersonate other brands and consider such deceitful practices to be an egregious violation of our policies,” the spokesperson said, adding that Google took down approximately 2.7 billion bad ads in 2019.
Meanwhile, dApps, wallets and exchanges can take stricter measures on their own to combat phishing attacks, according to Marx. One approach is to pay what he calls the “Google tax” — essentially, a company can buy up all the search words a potential imposter might try to exploit. In addition, companies should establish a solid detection and monitoring channel, he said.
Marx also has a simple piece of advice for crypto users: “Don't use Google Search to find important sites.”
© 2026 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

