Echo Protocol, which operates on the Monad blockchain, suffered a major security breach on Tuesday when an attacker minted approximately 1,000 unauthorized eBTC tokens, resulting in roughly $76.7 million worth of synthetic Bitcoin created without authorization. Blockchain security firms PeckShield and Lookonchain reported the incident, while Echo Protocol later confirmed it was investigating a security issue affecting its bridge infrastructure. The root cause was identified as a compromised admin private key rather than a smart contract vulnerability, according to blockchain developer Marioo, making this a breach of operational security rather than a technical flaw in the protocol’s code.
Exploit Details and Asset Movement
The attacker quickly began moving portions of the stolen assets through decentralized finance platforms. According to PeckShield, the hacker deposited 45 eBTC, valued at around $3.45 million, into Curvance, a DeFi lending and liquidity management platform. The attacker then borrowed approximately 11.3 wrapped Bitcoin worth about $868,000 against the collateral before bridging the assets to Ethereum.
After transferring the funds to Ethereum, the attacker swapped the assets into ETH and eventually sent around 384 ETH, valued at roughly $822,000, through Tornado Cash. Despite these movements, the majority of the stolen assets remain untouched. Data from DeBank indicates that the attacker still controls approximately 955 eBTC, which represents close to 95% of the stolen cryptocurrency and is worth around $73 million.
Security Weaknesses Identified
Several security weaknesses contributed to the scale of the exploit. These include reliance on a single-signature admin role, the absence of a timelock mechanism, no minting supply cap or rate limit, and a lack of supply validation checks for newly minted collateral on Curvance.
Response and Status Updates
Echo Protocol announced that all cross-chain transactions were suspended while the investigation continued. Curvance stated that its own smart contracts were not compromised but confirmed that it paused the affected eBTC market while investigations continue. Monad co-founder Keone Hon clarified that the Monad blockchain itself is unaffected and is operating normally.
The Echo Protocol exploit adds to a growing list of recent DeFi attacks, joining incidents involving THORChain, Verus Protocol’s Ethereum bridge, Transit Finance, TrustedVolumes, and Ekubo.
Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the
Disclaimer.
