TLDR
- Echo Protocol suffered an exploit involving about 1,000 unauthorized eBTC on Monad.
- The unauthorized eBTC mint was valued at roughly $76M to $77M.
- The attacker used compromised admin access, according to early security reports.
- About 11.29 WBTC was borrowed from Curvance using 45 eBTC as collateral.
- Echo said it regained admin key control and burned the remaining 955 eBTC.
Echo Protocol suffered a security incident on its Monad deployment after an attacker minted about 1,000 unauthorized eBTC tokens, valued at roughly $76 million to $77 million, according to reports from blockchain security firms and on-chain analysts.
The Bitcoin-focused DeFi protocol allows users to access liquidity and yield through synthetic Bitcoin assets such as eBTC. Its main operations are linked to Aptos, but the protocol had expanded to other networks, including Monad.
Early findings from PeckShield, Lookonchain, and other researchers indicated that the exploit was linked to compromised administrative access connected to Echo’s infrastructure, rather than a breach of the Monad blockchain itself.
Attacker Mints Unauthorized eBTC
The attacker reportedly used a compromised admin key to mint around 1,000 eBTC on Monad. The unauthorized tokens were then used to access lending markets and extract real assets.
On-chain data showed that 45 eBTC, valued at about $3.45 million, was deposited into Curvance as collateral. The attacker then borrowed around 11.29 wrapped Bitcoin, worth about $868,000 at the time, before moving the funds across chains.
After borrowing the WBTC, the attacker bridged the assets to Ethereum, swapped them into ETH, and routed about 384 to 385 ETH through Tornado Cash, according to blockchain monitoring accounts. PeckShield estimated that about $822,000 had been moved through the mixer.
Although the unauthorized mint was valued at more than $76 million, Monad co-founder Keone Hon said security researchers estimated that about $816,000 in actual value had been stolen through the exploit.
Curvance and Monad Say Core Systems Were Not Breached
Curvance said the affected Echo eBTC market was paused after the incident. The lending protocol said its isolated market structure helped prevent the issue from spreading to other pools.
Curvance also said there was no indication that its smart contracts had been compromised. The issue centered on the collateral asset supplied through Echo’s eBTC market.
Monad also said its network continued operating normally. Hon stated that the Monad blockchain was not affected and that the issue was tied to Echo Protocol’s eBTC deployment.
Blockchain developer Marioo said the eBTC contract appeared to operate as designed, but the incident exposed operational weaknesses. The researcher pointed to suspected single-signature admin control, no timelock, no minting cap, no issuance rate limit, and weak collateral checks for newly minted eBTC.
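The controls listed above can be modeled as a pre-mint policy check. The following is an added illustration, not Echo Protocol's code: the class names, field names and every limit value are hypothetical, and the sample scenarios are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class MintPolicy:
    """Hypothetical issuance policy; all limits are constructed sample values."""
    supply_cap: float = 500.0      # maximum total eBTC outstanding
    window_limit: float = 25.0     # maximum minted per rolling window
    window_secs: int = 86_400      # 24 h rolling window
    timelock_secs: int = 172_800   # 48 h delay between queueing and execution
    min_signers: int = 3           # multisig threshold

@dataclass
class MintGuard:
    policy: MintPolicy
    supply: float = 0.0
    backing: float = 0.0           # attested BTC collateral behind the supply
    history: list = field(default_factory=list)  # (timestamp, amount) of past mints

    def check(self, amount, signers, queued_at, now):
        """Return the controls a proposed mint violates (empty list = allowed)."""
        p = self.policy
        recent = sum(a for t, a in self.history if now - t < p.window_secs)
        failures = []
        if len(set(signers)) < p.min_signers:      # one key must not be enough
            failures.append("multisig")
        if now - queued_at < p.timelock_secs:      # leaves time to notice and cancel
            failures.append("timelock")
        if self.supply + amount > p.supply_cap:
            failures.append("supply_cap")
        if recent + amount > p.window_limit:
            failures.append("rate_limit")
        if self.supply + amount > self.backing:    # new supply must be collateralized
            failures.append("collateral")
        return failures

    def mint(self, amount, signers, queued_at, now):
        failures = self.check(amount, signers, queued_at, now)
        if failures:
            raise PermissionError(", ".join(failures))
        self.supply += amount
        self.history.append((now, amount))

def demo():
    guard = MintGuard(MintPolicy(), supply=100.0, backing=120.0)
    # Constructed scenario shaped like the incident: one key, no delay, 1,000 eBTC.
    incident = guard.check(1000.0, ["admin"], queued_at=0, now=0)
    # Routine mint: three distinct signers, queued 48 h earlier, inside every limit.
    routine = guard.check(10.0, ["a", "b", "c"], queued_at=0, now=172_800)
    return incident, routine
```

A mint shaped like the reported one fails all five checks in this model, so a single compromised key would not be enough to issue it.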
Echo Burns Remaining Tokens and Pauses Bridges
Echo Protocol later said it had regained control of the relevant admin keys and burned the remaining 955 eBTC that the attacker still held. The protocol also paused cross-chain functionality for the Monad deployment.
The team said it upgraded the relevant Monad contract to restrict affected operations and strengthen control over sensitive functions. Echo added that the Aptos bridge had not been affected, but it paused Aptos bridge operations as a precaution while its review continues.
The incident adds to a series of DeFi security events reported in 2026. Recent cases include exploits involving Verus Protocol, THORChain, Transit Finance, Drift Protocol, and KelpDAO.







