On Wednesday, the decentralized liquidity protocol Aave (Aave) became the first Defi platform to accumulate a record-high $60 billion net deposit across 14 blockchains. Aave’s net deposits have more than tripled since reaching $18 billion in August 2024.
Net deposits refer to the difference between total assets supplied and borrowed assets. If this metric is positive, it indicates that more money is being borrowed than borrowed, reflecting capital inflows and increased user trust.
According to data from Defillama, the total value locked on the platform has increased by more than 45% since early July, while network prices rose from $48 million in June to $65 million last month. Aave’s protocol revenues are also rising, highlighting increased usage and borrowers’ activities.
Aave’s net deposit reached $60 billion – scammers get the chance to launch phishing attacks on users
But exactly one day later Aave has achieved a milestoneFramed by the founder of the protocol, Stani Kulechov, as evidence of growing interest in Defi, the scammers launched a phishing campaign targeting users. Blockchain security company Peckshield was the first to warn the Crypto community of an ongoing attack.
#peckshieldalert Fake “Aave” ads are topped with Google search results.
The phishing site is aaxe(.)co(.)com.
Ads are designed to drain wallets through malicious transaction signatures. pic.twitter.com/ldvhmflfat
– peckshieldalert (@peckshieldalert) August 7, 2025
Phishing scams trick crypto users by pose as trusted or known cryptographic platforms to reveal sensitive information such as private keys, seed phrases, and login credentials.
When an unsuspecting Aave user or Crypto Investor clicks on the link, it will redirect you to a website that is very similar to the actual platform and ask you to connect your wallet to the service. Once the wallet is linked to a phishing website, hackers can access and transfer all funds stored through malicious transaction signatures. Such transactions are often irreversible and can result in permanent losses of funds.
The losses from ongoing attacks have yet to be seen, but are especially concerned because they are propagated through major internet advertising platforms. As of 2025, Google Ads has commanded almost 70% of the global pay-per-click (PPC) market, making it the dominant player in digital advertising.
Aave has been targeted by scammers several times in the past. In October 2024, a sophisticated phishing attack involving high-value wallet holders on the platform lost approximately $2.28 million worth of AaveRapped Dai (Aethsdai) tokens. The victim was tricked into granting unlimited token approval to a malicious contract that has not yet been deployed. Once the smart contract was activated, the attacker was granted full access to the wallet, which was eventually ejected.
The attacker moved approximately 2,222.9 billion Aethsdai tokens from the victim’s wallet to his address. Additionally, they acted on behalf of the victim, directing Aave to Mint 67 Aethsdai to Mint 67 Aethsdai, manipulating the victim’s position within the Defi Lending protocol. The bad actor used the stolen token as collateral for Aave, borrowing other assets, thereby obfuscating the original path of the funds.
In 2023, Protocol’s revenue farm contract was violated Re-attackresulting in the theft of $287,000 worth of ether (ETH).
Hacker steals $3.05 million with Aave-Wrapped USDT from EIP-7702 upgraded wallet
In another case, a very sophisticated phishing attack was lost over $3.05 million in single crypto trader Aave-Wrapped USDT (AethUSDT). The victim unconsciously signed a malicious transaction that granted hackers full access to their wallets.
According to cybersecurity firm Scamsniffer, the affected individuals thought they were interacting with the apparently legal token swap operations of UnisWap distributed exchange (DEX). The attack exploited a vulnerability in the Ethereum wallet address upgraded to a new one EIP-7702 standard.
After the transaction was signed, the scammers wereted no time moving the stolen aethusdt into another wallet that previously linked to a similar robber. The scam showed how quickly your wallet can be drained after access is granted.
This violation is not an isolated event. Just a few days ago, another EIP-7702 wallet cryptographically lost $66,000 through a batch transfer exploit disguised as a swap transaction on UNISWAP. Just 18 hours later, the second wallet fell prey to the same business, losing $33,000 worth of assets.
Read again: In July 2025, Crypto Hacks hit $142 million with 17 attacks as a surge in insider threats and phishing
Precautions to prevent crypto phishing attacks
To prevent phishing scams, investors are advised to double-check the Defi platform website URL before implementing operations such as depositing funds or linking wallets. In the case of compromise, investors should immediately transfer assets to A safe wallet. You will need to reach out to each service provider through official channels and revoke the wallet approval through services such as Revoke.cash.
Scammers are likely to monitor these wallets and try to cash out the remaining funds, so don’t reuse your compromised wallet to store or deposit your crypto. Investors will also need to cut their wallets from the phishing website.
At the time of writing, Aave (Aave) was $272.80, an increase of 7.26% over the past 24 hours.
