Echo Protocol, a Bitcoin yield layer, was exploited on the Monad blockchain Tuesday. An attacker minted 1,000 unauthorized eBTC, worth approximately $77 million, after gaining control of a compromised admin key.
The hacker then deposited 45 eBTC into the DeFi protocol Curvance, borrowed 11.29 WBTC (worth $867,700), bridged the funds to Ethereum, swapped for ETH, and laundered 384 ETH through the coin mixer Tornado Cash.
Blockchain security firm PeckShield flagged the incident, citing onchain sleuth dcfgod. Echo Protocol confirmed the breach on X, stating the issue was isolated to its Monad deployment and that no compromise was detected on the Aptos chain. The team said it regained control of its admin keys and burned the remaining 955 eBTC held by the attacker. Net losses were estimated at roughly $816,000.
The exploit follows a pattern of admin-key vulnerabilities affecting cross-chain protocols. Misha Putiatin, co-founder of Symbiotic and security firm Statemind, told Decrypt that the industry should expect more such attacks as protocols rely more heavily on off-chain infrastructure, calling it a “balancing act” between usability and security.
Echo has paused cross-chain functionality, upgraded its Monad contracts, and suspended its Aptos bridge and lending as a precaution. The breach adds to pressure on DeFi security after recent exploits at THORChain, TrustedVolumes, and the $293 million Lazarus Group attack on KelpDAO.