Echo Protocol, a DeFi platform on the Monad blockchain, suffered a $76.7 million security breach Tuesday. An attacker minted approximately 1,000 eBTC, or synthetic Bitcoin, without authorization. Blockchain security firm PeckShield and analytics platform Lookonchain confirmed the incident.
The protocol confirmed it is investigating the incident and has suspended all cross-chain transactions. According to blockchain developer 'Marioo,' the exploit was an admin private key breach, not a smart contract vulnerability. The eBTC contract functioned as designed, but the protocol lacked multi-signature authorization, a timelock, and proper supply limits.
The hacker attempted to launder funds by depositing 45 eBTC ($3.45 million) into the lending protocol Curvance, borrowing 11.3 wBTC, bridging to Ethereum, and sending 384 ETH to Tornado Cash. The hacker still holds 955 eBTC, worth nearly $73 million.