Monad’s mainnet launch was overshadowed by a wave of spoofed token transfers that surfaced less than two days after the network and its MON token went live.
Important points:
- Monad faced spoofed ERC-20 transmissions just two days after launch, causing false activity for explorers.
- The attacker exploited the ERC-20 standard by issuing misleading events that mimicked real wallet activity.
- Spoofed forwarding is intended to mislead users during the network’s initial high-traffic onboarding period.
The issue arose when early recipients gained access to airdropped and publicly sold tokens, marking the first meaningful period of on-chain liquidity and user onboarding.
The first warning came from Monad CTO and co-founder James Hunsaker, who revealed that several suspicious transactions had appeared on Blockchain Explorer.
Fake ERC-20 surfaced as attacker mimics wallet activity on Monad
Although these transfers appeared to be standard ERC-20 movements, no funds were actually transferred and no signature was issued from the spoofed wallet.
“Warning – there are fake ERC-20 transfers pretending to be from my wallet,” Hunsaker wrote on X, naming the community member who discovered the activity.
According to Hunsaker, the issue stems from the structure of the ERC-20 token contract, rather than a flaw in Monad’s blockchain.
ERC-20 is simply an interface standard, meaning anyone can introduce contracts that meet minimal functional requirements while inserting arbitrary or misleading address data.
This structure allows malicious attackers to issue events that resemble legitimate transfers, creating the illusion of activity without triggering real wallet authorization.
Spoofing techniques are well known throughout the EVM-based ecosystem. The attacker deploys their own contract and issues an event that Explorer interprets as a valid token transfer, even though no token is being moved.
In one example Hunsaker shared, a fraudulent contract generated fake swap calls and simulated trading patterns around the MON ecosystem, making the activity appear authentic to casual observers checking the trading history.
These fake transfers may be aimed at exploiting the chaotic early days of the new network, when users are opening wallets, claiming tokens, and monitoring liquidity.
By faking active transactions and movements, attackers hope to mislead users into interacting with contracts and tokens they believe are trustworthy.
76,000 wallets claim tokens after Monad launch, MON surges 43%
This activity comes at a busy time for Monad. More than 76,000 wallets claimed MON in the weeks leading up to launch, but they were only able to access the tokens once the network went live on Monday.
MON rose 19% on its first day and is now up 43%, with a market cap of nearly $500 million, according to CoinGecko.
Monad positions itself as a high-performance EVM-compatible chain capable of parallel transaction processing, a model aimed at attracting users frustrated with Ethereum’s congestion and competing directly with platforms like Solana.
Monad faces fake token transfer attack within 2 days of launch This article was first published on Cryptonews.
