- Monad users reported spoofed ERC20 transfer notifications within 48 hours of the mainnet launch.
- More than 76,000 wallets claimed 3.33 billion MON tokens in the airdrop.
- Monad’s testnet recorded over 2.6 billion transactions.
The first week of Monad’s mainnet launch drew intense attention across the crypto community and exposed how quickly malicious tactics can appear on a new EVM-compatible chain.
The project went live only a day before users began seeing unusual ERC20 transfer notifications that at first glance looked legitimate.
Reports on X on Tuesday, November 25 showed scammers were already trying to deceive newcomers who were still learning the chain’s tools.
The incident caused confusion during a launch that otherwise saw heavy participation and rapid growth, driven especially by the airdrop and early trading activity.
Spoofing alerts rise on the new network
Multiple users noted that fabricated ERC20 transfer entries appeared in explorers and wallets within 48 hours of the mainnet launch. These entries looked authentic but did not move funds or change balances.
A post on X by Monad cofounder and CTO James Hunsaker highlighted the problem early, warning that scammers were broadcasting fabricated transfers that appeared to originate from his wallet.
The issue stems from the ERC20 standard being an interface specification: any contract can emit logs that resemble transfer activity even when no tokens are involved.
This behavior is common in new EVM ecosystems, especially during traffic spikes when users rush to try new applications.
Screenshots circulating online showed transactions that appeared to be genuine asset movements, which contributed to initial confusion.
Social-engineering links drive activity
These fake transfers were part of a broader effort to steer users toward phishing pages, fake “claim” buttons, or malicious contract approvals.
Impersonation tactics have long been used to trick users into believing they received unexpected tokens or triggered actions they did not initiate.
The approach relies on creating urgency to prompt users to interact with unsafe links.
As activity surged, the hashtag #MonadScam briefly trended on X before interest subsided.
The chain stated the incident was not an exploit and emphasized that no funds were lost.
Many users also observed that wallet balances remained unchanged, which helped clarify the situation once warnings spread.
Launch activity and airdrop hype draw attention
Monad launched with significant momentum, which in turn attracted early attention from attackers.
Over 76,000 wallets claimed 3.33 billion MON tokens during the airdrop round, valued at roughly $105 million at the time.
High demand created an ideal environment for malicious actors already familiar with previous phishing attempts that mimicked the Monad airdrop portal.
The chain ranked among the most active debuts of the year, backed by more than 280 projects since launch.
Built by former Jump Trading engineers, Monad positions itself as a high-performance, EVM-compatible chain.
Funding has exceeded $260 million from backers such as Paradigm, Electric Capital, and OKX Ventures.
The testnet recorded over 2.6 billion transactions, more than 300 million wallets, and 41 million blocks. Those early metrics generated significant interest during mainnet rollout, making the environment attractive to scammers seeking to exploit user excitement.
Token activity rises as users stay cautious
MON opened at $0.02 and, after an initial dip, rose more than 50%, trading near $0.045 at the time of publication.
The rising interaction between dApps and explorers has prompted the team to advise users to resist urgency, rely on verified explorers, and double-check contracts as mainnet traffic continues to rise.
The mix of rapid adoption, heavy airdrop participation, and growing ecosystem traction has made security awareness a top priority during the network’s early phase.