- Monad users reported spoofed ERC20 transfers within 48 hours of mainnet launch.
- More than 76,000 wallets claimed 3.33 billion MON tokens in the airdrop.
- Monad’s testnet recorded more than 2.6 billion transactions.
Monad’s first week on mainnet has drawn intense attention across the crypto community, but it has also revealed how quickly malicious tactics can surface on a new EVM chain.
The project went live only a day before users began spotting unusual ERC20 transfer notifications that appeared legitimate at first glance.
Reports across X on Tuesday, Nov. 25, showed that scammers were already attempting to mislead newcomers who were still getting used to the network’s tools.
The incident created confusion during a launch that has otherwise seen strong participation and rapid growth, especially around the airdrop and early trading activity.
Spoof alerts grow across new network
Several users highlighted that fabricated ERC20 token transfers were appearing on explorers and wallets within 48 hours of the mainnet debut . These events looked authentic but did not move funds or alter balances.
A post on X from Monad co-founder and chief technology officer James Hunsaker drew early attention to the problem, as he warned that scammers were broadcasting fabricated transfers that appeared to come from his wallet.
The issue emerged because ERC20 is only an interface standard, which allows any contract to emit logs that resemble transfer activity even when no tokens are involved.
This behaviour is common across new EVM ecosystems, especially during traffic spikes when users rush to test fresh applications.
Screenshots circulating online showed transactions that looked like genuine movements of assets, which contributed to early confusion.
Social engineering links drive the activity
The appearance of these fake transfers formed part of a broader attempt to direct users toward phishing pages, claim buttons, or malicious contract approvals.
Spoofing has long been used to trick users into believing they have received unexpected tokens or triggered actions they did not initiate.
The tactic relies on creating urgency so that users interact with unsafe links.
As activity increased, the hashtag #MonadScam briefly trended on X before interest settled.
The network stated that the incident was not an exploit and noted that no funds were lost.
Many users also noted that wallet balances remained unchanged, which helped clarify the situation once the warnings spread.
Launch activity and airdrop hype fuel attention
Monad launched with significant momentum, which contributed to the early surge in attention from attackers.
More than 76,000 wallets claimed 3.33 billion MON tokens in the airdrop round, worth about $105 million at the time.
The demand created an ideal moment for malicious actors who were already familiar with earlier phishing attempts that imitated Monad’s airdrop portal.
The chain has been one of the most active debuts of the year, supported by more than 280 projects at launch.
The network is built by former Jump Trading engineers and is positioned as a high-performance, EVM-compatible chain.
Funding has exceeded $260 million from backers such as Paradigm, Electric Capital, and OKX Ventures.
Its testnet recorded more than 2.6 billion transactions, more than 300 million wallets, and 41 million blocks. These early figures contributed to heavy interest during the mainnet rollout, which made the environment more attractive to scammers looking to exploit user excitement.
Token activity rises as users stay cautious
MON opened at $0.02, and after an initial drop, the token gained more than 50% and traded near $0.045 at press time.
Source: CoinMarketCap
Increased interaction across dApps and explorers has encouraged the team to advise users to avoid urgency prompts, rely on verified explorers, and double-check contract engagements as mainnet traffic continues to rise.
The combination of rapid adoption, large airdrop participation, and growing traction across the ecosystem has made security awareness a priority during the early phase of the network.
