In brief
- Monad users have reported spoofed transfers shortly after Monday’s mainnet and token launch.
- Attackers emitted fake ERC-20 events that explorers displayed as real activity, according to Monad’s CTO and co-founder.
- The incident has coincided with rising MON trading and renewed attention on the chain.
Bad actors began spoofing token transfers on Monad less than two days after the network and its MON token officially went live on Monday, and within a day of airdropped and publicly sold tokens becoming accessible to users during the chain’s first period of liquidity and onboarding.
The spoofing was first reported by Monad CTO and co-founder James Hunsaker, who noted that the transactions appeared as standard token transfers on explorers, despite no movement of funds or signatures from the wallets being impersonated.
“Warning—there are fake ERC-20 transfers pretending to be from my wallet,” Hunsaker disclosed Tuesday evening on X, citing a Monad user who alerted him of the transactions.
Hunsaker added that ERC-20 is “just a token interface standard,” and that it is easy for someone to write a contract that meets the required functions while inserting unauthorized address entries.
Such a structure allows malicious contracts to create events to make activity appear legitimate, even when no actual wallet approval occurred.
Hunsaker added that the malicious activity is not a bug on Monad’s blockchain, and is instead “spoofing within their smart contract to try to trick people.”
Decrypt has reached out to Hunsaker and Monad for additional comment.
In one sample transaction provided by Hunsaker, the set of transfers followed a pattern common among EVM-based chains in which attackers deploy their own contracts and emit events that look like real token transfers, even though no wallets signed anything and no tokens moved.
Explorers display those events as regular activity, which can mislead users who might be checking wallet history.
In this case, the contracts also generated fake swap calls and other artificial signatures to appear as actual trading around the MON ecosystem.
The idea, ostensibly, is to create the appearance of legitimate activity on a new network as users open wallets and move tokens for the first time.
The fake transfers come amid intensified activity around Monad following the network’s launch and the release of its MON token.
Roughly 76,000 wallets claimed MON over the past month but did not receive their tokens until Monday, when the network and its token went live.
A day after its launch, MON rose 19% to $0.042. At the time of writing, the token is up 43% on the day, with its market cap reaching roughly $500 million, per CoinGecko data.
Monad has been touted as a competitor to Ethereum and Solana, positioning itself as a high-performance, EVM-compatible network designed to process transactions in parallel and support throughput-intensive applications.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.