Login
Sign Up
Decentralized finance protocol Echo Protocol suffered a significant security breach on the Monad blockchain after an attacker successfully minted approximately 1,000 unauthorized synthetic Bitcoin tokens, known as eBTC. Blockchain security firm PeckShield and analytics platform Lookonchain confirmed the incident on Tuesday, estimating the total value of the stolen assets at roughly $76.7 million. In response to the breach, Echo Protocol issued a statement confirming an ongoing investigation into the security incident affecting its bridge on Monad, noting that all cross-chain transactions have been suspended until further notice.
This exploit marks another major setback in a volatile month for the sector, which has already witnessed at least 12 protocol compromises including THORChain, Verus Protocol's Ethereum bridge, Transit Finance, TrustedVolumes, and Ekubo. Data compiled by Woofun AI indicates that the attacker attempted to launder a portion of the illicit gains by depositing 45 eBTC, valued at approximately $3.45 million, into Curvance, a DeFi lending and liquidity management protocol. The attacker subsequently borrowed 11.3 wrapped Bitcoin (wBTC) worth $868,000 against this collateral, bridged the assets to Ethereum, swapped them for ETH, and transferred 384 ETH, valued at about $822,000, to the Tornado Cash mixing service.
Despite the partial laundering attempt, the majority of the stolen funds remain unspent. According to DeBank, the attacker currently holds 955 eBTC, representing a value of approximately $73 million. Echo Protocol operates as a Bitcoin DeFi platform designed for liquidity aggregation, liquid staking, restaking, and yield generation, creating unified liquid BTC assets like eBTC for deployment across DeFi ecosystems. The protocol is deployed on Monad, a high-performance, layer-1, EVM-compatible blockchain designed to handle complex financial operations.
Blockchain developer Marioo clarified that the root cause of the breach was not a smart contract bug but rather a compromise of the admin private key, characterizing the failure as operational rather than technical. The eBTC contract functioned exactly as designed, yet the system lacked critical security controls including a single signature requirement for the admin role, no timelock mechanisms, no minting supply caps or rate limits, and no supply sanity checks by Curvance for freshly minted collateral. Curvance acknowledged detecting an anomaly in the Echo eBTC market and confirmed that its own smart contracts were not compromised, subsequently pausing the affected market for investigation.
Monad co-founder Keone Hon addressed the situation on X, clarifying that the Monad network itself remains unaffected and is operating normally. Echo Protocol stated it will continue to provide updates through official channels as more information becomes available. Woofun AI notes that this incident underscores the persistent risks associated with centralized administrative controls in decentralized systems, where a single point of failure can lead to catastrophic financial losses despite robust underlying code.
The broader DeFi security landscape has faced severe challenges this year, with dozens of protocols exploited for hundreds of millions in crypto assets and more than 20 protocols shutting down services. Two of the largest hacks included the Drift Protocol, which lost $285 million, and Kelp DAO, which was exploited for $292 million in April. On Monday, Verus Protocol's Ethereum bridge was compromised via a fake cross-chain transfer message, resulting in the theft of at least $11.6 million in crypto.
Concurrently, decentralized liquidity protocol THORChain halted trading on Friday after blockchain investigator ZachXBT flagged a suspected $10 million exploit.
Meanwhile, Transit Finance suffered a deprecated smart contract exploit last week, leading to a loss of $1.88 million. Woofun AI analysis suggests that as DeFi protocols scale, the reliance on operational security measures and multi-signature governance becomes increasingly critical to prevent similar administrative key compromises from derailing ecosystem stability.