Aave Users Hit by Phishing Scam After Platform Surpasses $60 Billion in Deposits
On Wednesday, the decentralized liquidity protocol Aave became the first DeFi platform to reach $60 billion in net deposits, marking an unprecedented milestone across 14 blockchains. The protocol’s net deposits have grown more than threefold since hitting $18 billion in August 2024.
Net deposits represent the gap between total supplied assets and borrowed assets on the platform. A positive figure shows that lending activity exceeds borrowing, which typically signals capital inflows and increased user confidence in the protocol.
Data from DefiLlama reveals that Aave’s total value locked has jumped more than 45% since early July. Network fees climbed from $48 million in June to $65 million last month, while protocol revenue has also increased, demonstrating stronger usage and borrower activity.
Phishing Campaign Targets Users Following Milestone Achievement
Just one day after Aave reached this significant milestone—which founder Stani Kulechov highlighted as proof of growing DeFi interest—scammers launched a coordinated phishing attack against platform users. Blockchain security company PeckShield first warned the crypto community about the ongoing campaign, where bad actors used Google Ads to distribute malicious links that impersonated Aave’s official website.
#PeckShieldAlert Fake "Aave" ads are topping Google search results.
The phishing site is aaxe[.]co[.]com.
The ads are designed to drain your wallet through malicious transaction signatures. pic.twitter.com/LdVHMflFAT
— PeckShieldAlert (@PeckShieldAlert) August 7, 2025
The phishing operation utilized the domain aaxe[.]co[.]com to trick users into connecting their wallets. These fake websites closely mirror legitimate platforms and prompt users to link their crypto wallets to access services. Once connected, hackers can drain connected wallets through malicious transaction signatures, often resulting in permanent fund loss.
This attack proves particularly concerning due to its extensive reach through Google’s advertising network. Google Ads controls nearly 70% of the global pay-per-click market as of 2025, making it the leading digital advertising platform worldwide.
History of Security Incidents Surrounding Aave
Aave has faced multiple security challenges in recent years. In October 2024, a sophisticated phishing attack targeting a high-value wallet holder resulted in approximately $2.28 million in losses of Aave-wrapped DAI tokens. The victim unknowingly approved unlimited token access to a malicious contract that hadn’t been deployed yet, which later granted attackers complete wallet access.
The attacker moved roughly 2.229 million aEthsDAI tokens to their own address and manipulated the victim’s Aave position by minting an additional 67 aEthsDAI. They subsequently used the stolen tokens as collateral to borrow other assets, making the fund trail harder to trace.
Earlier in 2023, hackers exploited the protocol’s Earning Farm contract through a reentrancy attack, stealing $287,000 worth of Ether.
In another recent incident, a crypto trader lost over $3.05 million in Aave-wrapped USDT through a highly sophisticated phishing scheme. According to cybersecurity firm ScamSniffer, the victim believed they were conducting a legitimate token swap on Uniswap but unknowingly signed a malicious transaction that compromised their wallet. This attack specifically targeted wallets upgraded to the new EIP-7702 standard.
The stolen aEthUSDT was quickly transferred to another wallet linked to similar attacks. This incident followed other EIP-7702 wallet compromises, including losses of $66,000 and $33,000 within 18 hours of each other.
Security Measures and Current Trading Activity
Security experts recommend several precautions to avoid phishing attacks. Users should carefully verify website URLs before connecting wallets or depositing funds. If a compromise occurs, investors should immediately move assets to secure wallets, contact service providers through official channels, and revoke wallet approvals using services like Revoke.cash.
Compromised wallets should never be reused for storing crypto, as scammers typically monitor these addresses for future fund deposits. Users should also disconnect wallets from any suspected phishing sites immediately.
At the time of writing, AAVE is trading at $272.80, representing a 7.26% increase over the past 24 hours.
Implications for DeFi Platform Security
The timing of this phishing campaign alongside Aave’s milestone achievement highlights ongoing security challenges facing major DeFi protocols as they gain prominence. While the platform’s growth demonstrates strong user adoption, the incident underscores the continued need for enhanced user education and security measures across the decentralized finance ecosystem.