Monad’s mainnet launch has been overshadowed by a wave of spoofed token transfers that surfaced less than two days after the network and its MON token went live . Key Takeaways: Monad faced spoofed ERC-20 transfers just two days after launch, creating fake activity on explorers. Attackers exploited the ERC-20 standard by emitting misleading events that mimic real wallet activity. The spoofed transfers aim to mislead users during the network’s early, high-traffic onboarding period. The issue emerged just as early recipients gained access to their airdropped and publicly sold tokens, marking the chain’s first meaningful window of liquidity and user onboarding. The first warnings came from Monad CTO and co-founder James Hunsaker, who revealed that several suspicious transactions were appearing on blockchain explorers. Fake ERC-20 Transfers Surface as Attackers Mimic Wallet Activity on Monad These transfers looked identical to standard ERC-20 movements, yet no funds were actually moved and no signatures were issued from the wallets being impersonated. “Warning – there are fake ERC-20 transfers pretending to be from my wallet,” Hunsaker wrote on X , crediting a community member who spotted the activity. According to Hunsaker, the problem stems from how ERC-20 token contracts are structured rather than from a flaw in Monad’s blockchain. ERC-20 is merely an interface standard, which means anyone can deploy a contract that fulfills the minimum function requirements while inserting arbitrary or misleading address data. With that structure, malicious actors can emit events that resemble legitimate transfers, creating the illusion of activity without triggering any real wallet approvals. The spoofing technique is familiar across EVM-based ecosystems. Attackers deploy their own contracts and emit events that explorers interpret as valid token transfers, even though no tokens have moved. In one example shared by Hunsaker, the fraudulent contract generated fake swap calls and simulated trading patterns around the MON ecosystem, making the activity appear authentic to a casual observer checking transaction history. it's not a bug, but yes it is spoofing within their smart contract to try to trick people — James (mainnet arc) (@_jhunsaker) November 25, 2025 These fake transfers likely aim to exploit the chaotic early hours of a new network, when users are opening wallets, claiming tokens, and monitoring liquidity. By creating the appearance of active trading and movement, attackers hope to mislead users into interacting with contracts or tokens that appear trustworthy. MON Surges 43% as 76,000 Wallets Claim Tokens Following Monad’s Launch The activity comes at a busy moment for Monad . More than 76,000 wallets claimed MON in the weeks leading up to launch, but tokens only became accessible once the network went live on Monday. MON rose 19% on its first day and is now up 43%, with a market cap near $500 million, according to CoinGecko. Monad positions itself as a high-performance, EVM-compatible chain capable of parallel transaction processing, a model aimed at capturing users frustrated with Ethereum’s congestion and competing directly with platforms like Solana. The post Monad Faces Fake Token Transfer Attacks Less Than Two Days After Launch appeared first on Cryptonews .
