- Users reported spoofed ERC20 transfers within 48 hours of Monad’s mainnet launch.
- More than 76,000 wallets claimed 3.33 billion MON tokens during the airdrop.
- Monad’s testnet recorded over 2.6 billion transactions.
Monad’s mainnet debut generated intense attention from the crypto community in its first week, while also exposing how quickly malicious tactics can surface on a new EVM-compatible chain.
Just one day after the launch, users began noticing ERC20 transfer notifications that appeared legitimate at first glance.
On Tuesday, November 25, reports on X indicated scammers were attempting to mislead newcomers who were still learning the network’s tools.
The incident caused confusion during the launch, which had seen active and fast growth, particularly during the airdrop and early trading phases.
Spoofing alerts rise on the new network
Several users noted that within 48 hours of the mainnet going live, spoofed ERC20 transfer logs began appearing in explorers and wallets. These entries looked authentic but did not move funds or affect balances.
Monad co-founder and chief technology officer James Hunsaker raised an early warning on X, noting that scammers were broadcasting fake transfers that appeared to originate from his wallet.
The issue stems from ERC20 being an interface standard: any contract can emit logs resembling transfer activity even if no tokens actually exist or move.
This behavior is common in new EVM ecosystems, especially when traffic surges and users rush to test fresh applications.
Screenshots shared online showed transactions that seemed to depict real asset movement, amplifying early confusion.
Social-engineering campaigns drive the activity
These fake transfers were used as part of broader campaigns to guide users to phishing pages, fraudulent claim buttons, or malicious contract approvals.
Spoofing has long been employed to trick users into believing they received unexpected tokens or that actions they did not initiate have occurred.
The strategy relies on creating a sense of urgency that prompts users to interact with unsafe links.
As the activity increased, the hashtag #MonadScam briefly trended on X before public interest subsided.
The network emphasized the incident was not an exploit and confirmed that no funds were lost.
Many users also noticed wallet balances remained unchanged, which helped clarify the situation as warnings spread.
Launch momentum and the airdrop attract attention
Monad opened with strong momentum, which in turn drew attackers’ early focus.
More than 76,000 wallets participated in the airdrop round, claiming 3.33 billion MON tokens, with an estimated value of about $105 million at the time.
That demand created an ideal opportunity for bad actors, who had already been deploying phishing attempts imitating early Monad airdrop portals.
The chain was among the most active debut projects this year, with over 280 projects supporting the launch.
Built by former Jump Trading engineers, Monad positions itself as a high-performance, EVM-compatible blockchain.
Backers including Paradigm, Electric Capital, and OKX Ventures have supported the project with more than $260 million in funding.
Its testnet recorded over 2.6 billion transactions, more than 300 million wallets, and 41 million blocks. Those early metrics drew intense attention during mainnet rollout, making it easier for scammers to exploit user enthusiasm.
Token activity rises as users stay cautious
MON opened at $0.02; after an initial dip the token rose more than 50%, trading around $0.045 at the time of reporting.
Increased interaction with dApps and explorers prompted the team to advise users to avoid urgent prompts, rely on verified browsers, and double-check contract interactions as mainnet traffic rose.
Rapid adoption, heavy airdrop participation, and the ecosystem’s growing influence have made security awareness a top priority in the network’s early stages.