Attackers exploited the ERC-20 standard by emitting misleading events that simulated real wallet activity.
The issue comes just as early adopters begin to get access to Airdrop and public Token Token , marking the blockchain’s first meaningful “ liquidation window” and user onboarding period.
The first warning came from Monad CTO and co-founder James Hunsaker, who revealed that a number of suspicious transactions were appearing on blockchain explorers.
Fake ERC-20 transfers appear as attacker simulates wallet activity on Monad
These transactions look exactly like regular ERC-20 transfers, but no funds are actually moved and no signatures are issued from the wallets being tampered with.
“Warning – there are fake ERC-20 transactions, pretending to be sent from my wallet,” Hunsaker wrote on X, crediting a community member for spotting the activity.
According to Hunsaker, the problem stems from the way ERC-20 Token contracts are designed, not from a bug in the Monad blockchain.
ERC-20 is just an interface standard, which means anyone can deploy a contract that follows minimal functional requirements, while injecting arbitrary or misleading address data.
With such a structure, malicious actors can emit events that look like legitimate transactions, creating the illusion of funds being transferred without any actual approval from the wallet.
This spoofing technique is not uncommon in EVM-based ecosystems. The attacker deploys his own contract and emits events that blockchain explorers interpret as valid Token transfers, even though no Token are actually moved.
In one example Hunsaker Chia , the fraudulent contract created fake swap orders and simulated trading patterns around the MON ecosystem, making the activity appear legitimate to someone XEM at the transaction history superficially.
These fake transactions are likely meant to take advantage of the chaos in the first hours of a new network, when users are opening wallets, receiving Token , and monitoring liquidation.
By creating the appearance of active trading activity and money flow, attackers hope to trick users into interacting with seemingly trustworthy contracts or Token .
MON surges 43% as 76,000 wallets receive Token after Monad launch
The move comes at a busy time for Monad. More than 76,000 wallets received MON in the weeks leading up to the launch, but the Token were only actually usable after the network went live on Monday.
MON rose 19% on its first day and is now up 43% in total, with a market Capital of approximately $500 million, according to CoinGecko.
Monad positions itself as a high-performance, EVM-compatible blockchain capable of parallel transaction processing – a model aimed at attracting users frustrated with Ethereum's congestion and directly competing with platforms like Solana.
