Just one day after Aave became the first DeFi protocol to surpass $60 billion in net deposits, the platform’s users were targeted in a phishing attack leveraging malicious Google Ads. The timing has raised concerns about security risks surrounding large-scale decentralized protocols.
According to PeckShield, a blockchain security firm, the phishing campaign involved fake Aave investment platforms promoted through Google Ads, tricking users into linking their wallets to fraudulent sites. Once connected, scammers can gain access to user wallets and irreversibly drain assets.
“These attacks are becoming more sophisticated and often mimic real platforms with surprising accuracy,” noted a security researcher monitoring the campaign.
Milestone Followed by Malware
Aave announced on Wednesday that it had reached $60 billion in net deposits across 14 supported networks, tripling its deposits from $18 billion a year ago, according to data from Token Terminal.
“Aave’s rapid growth in the DeFi space makes it a natural target for phishing campaigns,” one analyst commented. “Users must remain vigilant, especially when using search engines to access DeFi platforms.”
#PeckShieldAlert Fake "Aave" ads are topping Google search results.
The phishing site is aaxe[.]co[.]com.
The ads are designed to drain your wallet through malicious transaction signatures. pic.twitter.com/LdVHMflFAT
Phishing scams often mimic trusted services, luring victims to enter sensitive information like seed phrases or private keys. The current campaign poses a high threat level due to its use of Google’s ad platform for distribution.
Security experts advise users to:
Double-check URLs before connecting wallets or depositing funds
Use browser bookmarks for accessing DeFi platforms
Revoke wallet approvals via tools like Revoke.cash
Immediately transfer assets if a wallet is compromised
Never reuse compromised wallets, as scammers may continue monitoring them
“The safest move after any compromise is to migrate to a new wallet and review all approval permissions,” the researcher added.
As Aave celebrates a major DeFi milestone, the phishing attack underscores the ongoing need for user education and vigilance in the evolving Web3 ecosystem.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.
We use cookies to personalize content and ads, provide social media features, and analyze our traffic. In accordance with GDPR/AVG and EU cookie regulations, data is processed only with your consent. We may share information about your use of our website with our social media, advertising, and analytics partners, and you can manage or withdraw your consent at any time. View more
Cookies settings
Accept
Privacy & Cookie policy
Privacy & Cookies policy
Cookies list
Cookie name
Active
Privacy Policy
At BitxJournal.com, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, process, store, and protect personal information in accordance with the General Data Protection Regulation (GDPR) and AVG (EU privacy legislation).
1. Data Controller
BitxJournal.com acts as the data controller for all personal data processed through this website.
2. Personal Data We Collect
We may collect and process the following categories of data:
Personal Data
Name and email address (when you subscribe to newsletters or contact us)
Technical & Usage Data
IP address, browser type, operating system
Device information
Pages visited, referral sources, and interaction data
This data is collected via cookies, log files, and analytics technologies.
3. Legal Basis for Processing
We process personal data only when a lawful basis exists, including:
Consent – when you explicitly agree (e.g., cookies, newsletter sign-up)
Legitimate interest – to operate, secure, and improve our website
Legal obligation – when required by applicable laws
You may withdraw your consent at any time.
4. Purpose of Data Processing
Your data is processed for the following purposes:
Operating and maintaining the website
Improving content, usability, and performance
Sending newsletters or updates (only with consent)
Analyzing traffic and user behavior
Responding to inquiries or support requests
5. Cookies & Consent Management
We use cookies and similar technologies in compliance with EU Cookie Law.
Non-essential cookies are placed only after explicit user consent
Users may accept, reject, or manage cookie preferences at any time
Consent can be withdrawn without affecting prior lawful processing
Detailed cookie information is available in our Cookie Settings panel.
6. Third-Party Data Processing
We may share limited data with trusted third-party service providers, including:
Analytics providers (e.g., Google Analytics)
Advertising partners (for personalized or non-personalized ads)
These third parties act as data processors and process data only under contractual obligations compliant with GDPR/AVG.
7. International Data Transfers
Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent legal mechanisms.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law.
9. Data Security
We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.
10. Your GDPR Rights
Under GDPR/AVG, you have the right to:
Access your personal data
Rectify inaccurate or incomplete data
Request data erasure (“right to be forgotten”)
Restrict or object to processing
Data portability
Withdraw consent at any time
Lodge a complaint with a supervisory authority
11. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy at any time. Any changes will be posted on this page with a revised effective date.
12. Contact Information
For privacy-related inquiries or GDPR requests, contact:
