Aave, one of the largest decentralized finance protocols, announced this week that it had become the first DeFi platform to surpass $60 billion in net deposits across 14 networks. The milestone marked a massive leap from around $18 billion in August 2024, according to Token Terminal, tripling deposits in just one year. However, the celebration was short-lived. Less than 24 hours later, blockchain security firm PeckShield warned of an active phishing campaign targeting Aave users, with scammers exploiting Google Ads to lure victims.

The fraudulent ads directed users to fake Aave platforms, where they were prompted to connect their crypto wallets. Once connected, scammers could gain full access to the victims’ funds, enabling instant and irreversible transfers. While the total losses remain unconfirmed, the scope of the attack is significant due to Google Ads’ wide reach.

Phishing scams remain one of the most dangerous threats in crypto, often impersonating trusted services to steal sensitive data such as private keys and seed phrases. Security experts advise investors to carefully verify website URLs before depositing funds or linking wallets. If a wallet is compromised, users should immediately transfer remaining assets to a secure wallet, revoke any approvals using tools like Revoke.cash, and contact service providers through official channels.

Experts also stress that compromised wallets should never be reused, as scammers frequently monitor them for future deposits. Disconnecting from any malicious platforms and adopting proactive security habits can help reduce the risk of falling victim to such attacks.