Echo Protocol, a Bitcoin liquidity and synthetic asset protocol built on the Monad ecosystem, suffered a major exploit after attackers minted approximately 1,000 eBTC tokens worth nearly $76.7 million through a compromised administrator key tied to its Monad deployment. The exploit was first flagged by on-chain analysts and blockchain security researchers who identified abnormal minting activity involving Echo's eBTC market on Monad. According to multiple security reports, the attacker minted unbacked eBTC tokens before using part of the position as collateral within decentralized finance protocols to extract additional assets. Echo Protocol later confirmed the incident in an official statement, saying the exploit originated from an administrator key compromise connected to its Monad-based eBTC deployment rather than a flaw within the Monad blockchain itself. Security researchers estimate roughly $816,000 worth of assets were successfully siphoned from the ecosystem before mitigation measures were implemented.
## Attack Details and Asset Flow
Blockchain investigators identified the attacker's transaction sequence across multiple protocols and networks. The attacker deposited approximately 45 eBTC into the Curvance lending protocol and borrowed around 11.29 wrapped Bitcoin before bridging assets from Monad to Ethereum. The funds were later swapped into Ether and partially routed through Tornado Cash in an attempt to obscure transaction trails.
Echo Protocol regained control of the compromised administrator key and burned 955 eBTC that remained under attacker control.
## Cross-Chain Transactions Suspended During Investigation
Following the exploit, Echo Protocol suspended all cross-chain transactions tied to the Monad deployment while investigations continue. The team is upgrading bridge contracts and strengthening permission control systems as part of ongoing remediation efforts.
Echo Protocol emphasized that the incident appears isolated to the Monad deployment and that Aptos-based assets tied to the project were not directly affected. The protocol stated its Aptos-based aBTC and Monad-based eBTC products operate independently without direct bridging functionality between the two systems.
Monad itself stated that the network's core infrastructure was not compromised. Security researchers and ecosystem contributors continue monitoring associated wallets for additional suspicious activity or further laundering attempts involving the remaining funds.
## DeFi Security Concerns Intensify
The Echo Protocol exploit adds to a growing number of major decentralized finance security incidents during May. Blockchain analytics firms noted that the Echo incident marked at least the fourteenth publicly reported crypto exploit of the month.
Security firms tracking the exploit highlighted the operational risks tied to centralized administrator permissions within ostensibly decentralized systems. Several researchers pointed to compromised private keys and insufficient access control protections as recurring causes behind recent DeFi attacks.
The attack also drew attention to the increasing complexity of cross-chain exploit strategies. By leveraging lending markets, synthetic assets, bridges, and privacy infrastructure across multiple networks, attackers continue demonstrating sophisticated laundering techniques that complicate recovery efforts for affected protocols.
Investigations into the full scope of the exploit and potential recovery options remain ongoing.
