One of the most popular decentralized financial ecosystems (DeFis), Aave Protocol (AAVE), has been attacked by scammers. While a fake Aave application in Google Play is seeking users' private keys, fraudulent Aave clones occupied the top Google Ads slots.
Not that sort of Aave Protocol (AAVE)
Eagle-eyed DeFi segment enthusiasts have noticed an unauthorized Aave Protocol (AAVE) application in Google Play, Google's official marketplace for Android apps. This application was uploaded to Google Play on Nov. 19 and, since its first release, has already been downloaded 100+ times.
Needless to say, Aave Protocol (AAVE) has not mentioned any sort of mobile application on its official website. All of the positive reviews do not look like the impressions of normal people, while the latest ones speak for themselves:
This is a scam impersonating AAVE protocol, never insert your private key or seed into this app! (...) Its a SCAM app asking for your Private Key. DO NOT INSTALL!!! (...) Scam app. DO NOT USE! They will ask for your private keys and steal your funds. Beware!
The fake application has plagiarized the original content of Aave, including promotional texts, interface design, logos and the like. The scammers even abused the domain name of Aave, pretending that firstname.lastname@example.org is their email address.
Also, fake reviews state that users can earn seven percent in APY, while the maximum rate offered by the original Aave Protocol is 5.98 percent for USD Coin (USDC) stablecoin.
Google fails to tackle impersonating frauds
Typically, this sort of fraudulent application is utilized to hijack users' keypairs to drain his/her Ethereum and ERC-20 funds. Also, these apps steal 2FA codes and compromise all devices affected. Thus, crypto holders may lose their seed phrases and passwords.
Unfortunately, this is not the only way impersonators of Aave Protocol may damage Google users. Should DeFi enthusiasts search for "Aave Protocol" on Google, all Google Ads slots will display the domains of scammers. By adding numbers/homoglyphs, they redirect crypto holders to fake Aave sites and also compromise their keypairs.
At the same time, Google remains super cautious when it comes to other types of crypto-focused advertising. But scammers' websites and fraudulent airdrops still disturb the crypto audience.
Aave Protocol, a veteran DeFi product, is among the top beneficiaries of the ongoing DeFi craze. It witnessed triple-digit gains for several months in a row and was mentioned by CoinGecko as the top performer of July 2020.
At press time, it is ranked among the Top 5 DeFis by total value locked (TVL) according to popular analytical service DeFi Pulse.