Aave’s Record-Breaking Week Turns Sour
Aave, one of the largest decentralized finance (DeFi) platforms, was hit by a phishing attack just a day after it celebrated crossing $60 billion in net deposits. On Wednesday, Aave announced its milestone, noting the achievement spanned across 14 blockchain networks, solidifying its position as a DeFi heavyweight.
Data from Token Terminal showed Aave’s net deposits had more than tripled in a year, rising from $18 billion in August 2024 to the impressive $60 billion mark in 2025. But as the DeFi community took note, scammers pounced on the hype.
Scammers Use Google Ads to Launch Phishing Campaign
By Thursday, security firm PeckShield warned the crypto community of a phishing campaign specifically targeting Aave users. The scam was executed through Google Ads, a tactic increasingly popular among cybercriminals for reaching high-traffic crypto audiences.
The ads directed users to fake Aave investment platforms, designed to look legitimate, but set up to trick visitors into linking their crypto wallets. Once connected, scammers gain full access to the wallet and can drain all its funds, often leaving no chance for recovery.
The scale of the phishing attack remains unconfirmed, but given that it's being amplified via Google Ads, the potential reach is massive.
#PeckShieldAlert Fake "Aave" ads are topping Google search results.
— PeckShieldAlert (@PeckShieldAlert) August 7, 2025
The phishing site is aaxe[.]co[.]com.
The ads are designed to drain your wallet through malicious transaction signatures. pic.twitter.com/LdVHMflFAT
#PeckShieldAlert Fake "Aave" ads are topping Google search results.
— PeckShieldAlert (@PeckShieldAlert) August 7, 2025
The phishing site is aaxe[.]co[.]com.
The ads are designed to drain your wallet through malicious transaction signatures. pic.twitter.com/LdVHMflFAT
How the Scam Works
Users lured by the fake ads land on a malicious website that mimics Aave’s branding. They're then prompted to connect their Web3 wallets — a standard interaction for DeFi users. But here, the moment the wallet is linked, the attacker can initiate unauthorized transactions and siphon off the assets.
These types of scams are particularly dangerous because they don’t require the user to share seed phrases or private keys. Simply approving a malicious smart contract can be enough to compromise an account.
How Users Can Stay Safe
Security experts are once again urging users to double-check URLs and avoid clicking on ads that appear at the top of search results. They should also verify that they are on official project pages, especially before signing or approving any transaction.
If a wallet is suspected to be compromised, users should immediately move funds to a new secure wallet and revoke any token approvals via tools like Revoke.cash. Wallets that have interacted with malicious dApps should never be reused for storing assets, as attackers often monitor them indefinitely.
Aave’s Growth Continues Despite the Attack
Despite the phishing campaign, Aave’s ecosystem continues to expand. A recent governance proposal to launch centralized lending through Kraken’s Ink platform has moved forward, showing the protocol’s ambition to bridge DeFi with regulated finance.
Still, the phishing incident highlights the persistent risks in the crypto space, especially when it comes to third-party platforms like Google Ads being used to impersonate legitimate services.
Aave has not released an official statement about the attack at this time, but users are advised to remain cautious and report any suspicious activity immediately.
