Scammers Target Monad Mainnet With Fake Tokens in First 48 Hours

Monad’s mainnet launch encountered a wave of spoofed token transfers within 48 hours of going live. The fraudulent activity targeted early recipients of airdropped and publicly sold MON tokens.

The spoofing emerged during the network’s first meaningful liquidity window. Attackers exploited ERC-20 token contract structures to create fake transactions visible on blockchain explorers.

warning – there are fake ERC-20 transfers pretending to be from my wallethttps://t.co/TCZTfDfoTQ

example:https://t.co/wA1I8RFTdQ

you can see the txs are not sent by me

ERC-20 is just a token interface standard, it's easy to write a smart contract that meets that standard…

— James (mainnet arc) (@_jhunsaker) November 25, 2025

Monad CTO and co-founder James Hunsaker issued the first warnings. He revealed suspicious transactions appearing on explorers that mimicked legitimate wallet activity without moving actual funds.

Fake Monad Transfers Exploit ERC-20 Interface Standards

Hunsaker warned users on X after a community member spotted the fraudulent activity. The fake transfers displayed as standard ERC-20 movements despite no signatures being issued from impersonated wallets.

it's not a bug, but yes it is spoofing within their smart contract to try to trick people

— James (mainnet arc) (@_jhunsaker) November 25, 2025

Warning – there are fake ERC-20 transfers pretending to be from my wallet.

Hunsaker wrote

He credited community vigilance for identifying the threat early.

The problem stems from ERC-20’s interface standard design rather than blockchain flaws. Anyone can deploy contracts fulfilling minimum function requirements while inserting arbitrary or misleading address data.

Malicious actors emit events that resemble legitimate transfers. These create the illusion of activity without triggering wallet approvals or actual token movements.

The spoofing technique is familiar across EVM-based ecosystems. Attackers deploy contracts and emit events that explorers interpret as valid transfers even when no tokens move.

Hunsaker shared examples of fraudulent contracts generating fake swap calls. The simulated trading patterns around the MON ecosystem appeared authentic to casual observers checking transaction history.

Attackers Mimic Legitimate Trading Activity

The CTO noted early Wednesday that fake movements appeared as normal MON transfers on explorers. Transactions from impersonated wallets were visible at the time of discovery.

ERC-20 is just a token interface standard; it’s easy to write a smart contract that meets that standard but can have address entries which are not authorized by the owner.

Hunsaker explained.

The spoofing attempts mirrored patterns seen in other EVM-based chains. Attackers typically deploy contracts and emit events impersonating real token transactions without actual transfers or wallet approvals.

On-chain data revealed illegitimate fake swap calls and artificially generated signatures. These were used to simulate actual token transfers on the MON blockchain.

The timing coincided with the network’s launch as users opened wallets and transferred tokens for the first time. The spoofing attempt began immediately after early recipients gained access to their tokens.

Meanwhile, Monad’s high-throughput blockchain went live Monday after years of development. The mainnet launch followed weeks of token distribution efforts aimed at building community participation and ecosystem ownership.

The public debut comes amid mixed market reception. MON tokens began trading below their initial coin offering price on Coinbase, raising questions about launch strategy and current market conditions.