Echo Protocol is looking into a security issue with its bridge on Monad. Reports from crypto analysts indicate an attacker created 1,000 eBTC and then used some of it to drain WBTC liquidity from Curvance.
I started getting worried when I saw a post from DCF GOD, a well-known on-chain analyst. They were saying Echo might have been hacked on Monad. Apparently, someone created 1,000 eBTC from seemingly nowhere, then used it as collateral on Curvance to borrow a bunch of wrapped Bitcoin. They quickly bridged that borrowed Bitcoin and sent it through Tornado to hide it. I checked the Monad blockchain myself and saw a transaction showing that 1,000 eBTC transfer on May 18th at 9:21:32 PM UTC – it definitely looked suspicious.
$76M Crypto Mint Sparks Alarm
Lookonchain further analyzed the attacker’s actions. They found the attacker created 1,000 eBTC (worth around $76.64 million), then deposited $3.45 million worth of eBTC into Curvance. From there, they borrowed $867,000 worth of WBTC, converted it to Ethereum (385 ETH, around $821,000), and deposited the ETH into Tornado Cash. The attacker still holds 955 eBTC, currently valued at about $73.2 million.
According to Phylax Systems CEO Odysseas Lamtzidis, the investigation indicates the issue wasn’t a bug in the Curvance lending platform, but rather a security breach related to how administrative roles were managed on the eBTC side. He explained that the eBTC administrator mistakenly gave a specific address (0x6A0109) full administrative control. This address then removed the original administrator’s access, gave itself the ability to create new eBTC tokens, created 1,000 new tokens, and used 45 of those as collateral to borrow approximately 11.296 WBTC. Lamtzidis believes this sequence of events strongly suggests someone compromised the administrator’s credentials or access rights.
Echo has acknowledged a security issue affecting its Monad bridge. They are investigating and have temporarily stopped all transactions crossing between networks. Echo says they’ll share updates as they learn more. Right now, fixing the bridge is the priority, even more so than the lending platform that was involved.
Curvance was impacted by problems in its Echo eBTC market, which it temporarily shut down for investigation. Curvance stated that its contracts weren’t hacked and its system prevented the issue from spreading to other markets. Importantly, the Monad network itself remained unaffected.
Monad CEO Keone Hon announced on X (formerly Twitter) that the Monad network is functioning as usual and wasn’t impacted by a recent security issue. Researchers have found that about $816,000 was taken due to a problem with eBTC on the Echo Protocol.
This event shows a common problem with lending involving ‘bridged’ assets. Once an asset from another blockchain is accepted as collateral, even a small way to convert it can cause a problem on the original blockchain to result in actual financial losses. In this case, eBTC was created, used to borrow WBTC, moved off the Monad network, converted to ETH, and then hidden using a mixing service before the entire transaction was completed.
The next update for Echo needs to address several key concerns. These include confirming that the unauthorized eBTC has been dealt with, whether Curvance will lose money due to the WBTC loan, which specific bridges or contracts were used in the incident, and when it will be safe to start making transactions across different blockchains again. For now, the eBTC market on Monad is where users are closely watching to see if the problem has been fully resolved or is still ongoing.
The recent Echo exploit comes at a difficult time for the security of cryptocurrency systems. Just weeks earlier, THORChain lost over $10 million in various cryptocurrencies, including Bitcoin and Ethereum. Shortly after, the Verus-Ethereum Bridge was hacked for around $11.5 million. These incidents, along with Echo, highlight the ongoing vulnerability of cryptocurrency bridges – systems that allow assets to move between different blockchains – and the risks associated with how they’re designed and managed. They serve as a reminder that these areas remain prime targets for attackers in the decentralized finance (DeFi) space.
We’ve identified an issue with eBTC on Monad. Someone gained unauthorized access to an administrative key, which allowed them to create new eBTC tokens and resulted in a loss of funds, estimated at around $816,000. The Monad network itself is secure and continues to function as normal. This is an update from X.
Since we discovered the issue, we’ve been thoroughly investigating whether other blockchains were affected, working with our partners in the crypto community, and taking extra steps to protect our systems. We’ve also regained control of our important security keys and destroyed the 955 eBTC the attacker had.
At press time, the total crypto market cap stood at $2.54 trillion.
Read More
- Re:Zero Season 4, Episode 6 Release Date & Time
- How to Get the Wunderbarrage in Totenreich (BO7 Zombies)
- NTE Drift Guide (& Best Car Mods for Drifting)
- How to Beat Turbines in ARC Raiders
- All Aswang Evidence & Weaknesses in Phasmophobia
- How to Get Necrolei Cyst & Strong Acid in Subnautica 2
- Conduit Crystal Location In Subnautica 2
- Where to Find Prescription in Where Winds Meet (Raw Leaf Porridge Quest)
- Diablo 4 Best Loot Filter Codes
- Best Burst & Full Auto Builds for the M16A4 in BF6
2026-05-19 12:29