Virtuals, a decentralized and permissionless platform, recently experienced a scam incident involving the launch of a fake IRIS token project alongside the legitimate IRIS launch. The counterfeit project closely mimicked the branding and naming of the original IRIS token, causing users to mistakenly pledge points and $VIRTUAL tokens to the fraudulent version. The genuine IRIS token is identified by a green lock with a 182-day lock period, whereas the fake one had a 50% team unlock on day one. The fake IRIS projects were linked to newly created developer addresses, with funds traced through the Debridge cross-chain bridge, indicating attempts to obscure the source. Following the confusion, Virtuals manually refunded the points users lost to the scam, a move that drew attention due to its contradiction with the platform's decentralized and permissionless principles. The incident has raised concerns about the platform's ability to manage and prevent such fraudulent activities while maintaining its decentralized ethos.