Fake token transfers detected on the Monad network in the first days after launch
Fraudsters faked ERC-20 transfers that mimicked real transfers, even though no actual transactions took place
26.11.2025 - 10:20
Key points:
- Fraudsters faked the display of ERC-20 transfers.
- The fake transactions looked like standard transfers in block explorers, although in fact no funds were transferred and there were no wallet signatures.
Monad users encountered fake token transfers two days after the launch of the mainnet and the MON token. Attackers began to fake ERC-20 transactions, which block explorers displayed as real transfers, although no actual movement of funds took place. The attack occurred during a period of high activity on the network, when users were receiving their tokens for the first time and creating new wallets.
The problem was reported by James Hunsaker, the project’s CTO and co-founder. He explained that the fraudsters deployed contracts that mimicked the ERC-20 interface and inserted fictitious transfer records by emitting forged events from their own contracts. This allowed the fake transactions to appear legitimate, despite the lack of signatures and the absence of asset movement.
How fake ERC-20 transfers work
Hunsaker emphasized that the problem is not related to a vulnerability in the Monad blockchain itself. The creators of malicious smart contracts generated events that were fully compatible with the ERC-20 standard, allowing observers to perceive them as normal operations. Some contracts even created false token exchange requests, imitating trading activity in the MON ecosystem.
SlowMist security specialist Shān Zhang said that during the launch of new networks, fraudsters actively exploit the lack of transaction history among users. They create addresses that are almost identical to real ones, matching the first and last characters. Victims are then sent fake transfers, which may appear in the history as the latest incoming transactions.
Zhang noted that most such attacks rely on “zero-value transfers” allowed by the ERC-20 standard. Real activity can be distinguished by the transaction initiator and the token contract address. If the user did not sign the transaction, then no real transfer took place — the fake only appears in the event logs, but does not affect the wallet balance.
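The checks described above (transaction initiator, token contract address, zero value, and addresses matching the first and last characters) can be applied mechanically to Transfer logs. The Python sketch below is an added example, not code from Monad or SlowMist; the allowlist, every address, the log records and the flag names are constructed for illustration.

```python
# Added example: triage ERC-20 Transfer logs for spoofing signals.
# All addresses and log records are constructed sample data.
from dataclasses import dataclass

TOKEN = "0x" + "11" * 20                     # assumed genuine token contract
SPOOF = "0x" + "22" * 20                     # contract imitating ERC-20
WALLET = "0x" + "a1" * 20                    # the user's own address
ATTACKER = "0x" + "c3" * 20
CONTACT = "0xbeef" + "0" * 32 + "cafe"       # address the user really pays
FAKE = "0xbeef" + "9" * 32 + "cafe"          # same first/last 4 characters
TRUSTED_TOKENS = {TOKEN}                     # assumed allowlist

@dataclass
class TransferLog:
    emitter: str   # contract that emitted the Transfer event
    tx_from: str   # account that signed the enclosing transaction
    src: str       # `from` field of the event
    dst: str       # `to` field of the event
    value: int

def lookalike(a, b, n=4):
    """Different addresses sharing the first and last n hex characters."""
    a, b = a.lower()[2:], b.lower()[2:]
    return a != b and a[:n] == b[:n] and a[-n:] == b[-n:]

def classify(log, wallet, contacts):
    """Return spoofing signals for one Transfer log that touches `wallet`."""
    flags = []
    if log.emitter.lower() not in TRUSTED_TOKENS:
        flags.append("untrusted_token_contract")
    # A signal, not proof: an approved spender can also move funds legitimately.
    if log.src.lower() == wallet.lower() and log.tx_from.lower() != wallet.lower():
        flags.append("outgoing_not_signed_by_wallet")
    if log.value == 0:
        flags.append("zero_value")
    if any(lookalike(p, c) for p in (log.src, log.dst) for c in contacts):
        flags.append("lookalike_address")
    return flags

SAMPLE_LOGS = [
    TransferLog(TOKEN, WALLET, WALLET, CONTACT, 5),       # genuine payment
    TransferLog(SPOOF, ATTACKER, WALLET, FAKE, 1000),     # event from fake token
    TransferLog(TOKEN, ATTACKER, WALLET, FAKE, 0),        # zero-value poisoning
    TransferLog(SPOOF, ATTACKER, FAKE, WALLET, 250),      # fake incoming transfer
]

def triage(logs=SAMPLE_LOGS):
    return [classify(log, WALLET, [CONTACT]) for log in logs]
```

Calling `triage()` returns one flag list per sample log; an empty list means no signal fired, and any flagged entry should be checked against the wallet's actual token balance before its counterparty address is reused.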
Fake transfers appeared amid growing interest in the network after its launch. Over the course of a month, more than 76,000 wallets requested MON tokens, but only gained access on the day of launch. The token’s price rose 19% within 24 hours of launch, then rose 43% in a single day. Market capitalization reached $500 million, according to CoinGecko.