Decentralized finance protocol Echo Protocol was exploited after an attacker minted approximately 1,000 unauthorized eBTC on the protocol deployed on the Monad blockchain. Blockchain security firm PeckShield and analytics platform Lookonchain reported the incident on Tuesday, noting that the hacker minted 1,000 synthetic Bitcoin (eBTC) worth around $76.7 million. Echo Protocol confirmed on Tuesday that it was investigating a security incident impacting the Echo bridge on Monad, with all cross-chain transactions remaining suspended during the investigation. According to blockchain developer "Marioo," the exploit resulted from an admin private key compromise—an operational rather than technical failure. The incident occurs amid a broader surge in DeFi exploits, with at least 12 protocols compromised in the current month.
## Attacker's Laundering Attempt and Current Holdings
According to PeckShield, the attacker attempted to launder some of the stolen funds by depositing 45 eBTC (worth approximately $3.45 million) into DeFi lending and liquidity management protocol Curvance. The attacker then borrowed 11.3 wrapped Bitcoin (wBTC) worth $868,000 against the deposit, bridged the tokens to Ethereum, swapped them for ETH, and sent 384 ETH worth approximately $822,000 to the Tornado Cash mixing service.
As of the report, the attacker still holds 955 eBTC worth approximately $73 million, according to DeBank data.
The hacker still holds 95% of the stolen crypto. Source: DeBank
## Root Cause: Admin Private Key Compromise
Blockchain developer "Marioo" reported that the exploit was not caused by a smart contract bug but by an admin private key compromise, with the root cause being "operational, not technical." The eBTC contract "worked exactly as designed," according to Marioo, who identified vulnerabilities including a single signature for the admin role, no timelock, no minting supply cap or rate limit, and no "supply sanity check" by Curvance for the freshly minted collateral.
Curvance reported that it was aware of the "anomaly" detected in the Echo eBTC market and confirmed that there was no compromise with its own smart contracts. The protocol paused the affected market for investigation.
## Protocol and Network Responses
Monad co-founder Keone Hon clarified on X that "the Monad network is not affected and is operating normally." Echo Protocol stated it will provide updates through its official channels as more information becomes available.
## Broader DeFi Security Crisis in 2026
The year has been challenging for DeFi security, with dozens of protocols exploited for hundreds of millions in crypto and more than 20 protocols shuttering services.
Two of the largest hacks this year included the exploit of Drift Protocol, which lost $285 million, and Kelp DAO, which was exploited for $292 million in April. On Monday, Verus Protocol's Ethereum bridge was exploited through a fake cross-chain transfer message that allowed a hacker to steal at least $11.6 million in crypto. Decentralized liquidity protocol THORChain halted trading on Friday after blockchain investigator ZachXBT flagged a suspected $10 million exploit. Transit Finance suffered a deprecated smart contract exploit, resulting in the loss of $1.88 million the previous week.
