A security breach on Echo Protocol, a DeFi platform built around Bitcoin, allowed an attacker to create approximately 1,000 fake eBTC tokens. This happened on the platform’s Monad deployment.
Summary
- Echo Protocol suspended cross-chain transactions after an attacker minted about $76.7 million in unauthorized eBTC on Monad.
- On-chain investigators said the exploiter used fake eBTC as collateral on Curvance to borrow real Bitcoin-backed assets before moving funds through Tornado Cash.
- Security researchers linked the incident to a compromised admin private key, while Monad and Curvance said their core networks and smart contracts were not breached.
On Tuesday, cybersecurity firm PeckShield and on-chain data analysts Lookonchain revealed that a hacker created approximately $76.7 million in fake Bitcoin tokens connected to Echo’s eBTC.
Initial investigations by several researchers revealed the problem wasn’t a weakness in Monad, but rather unauthorized access to Echo’s systems.
Immediately after illegally creating new tokens, the attacker transferred some of the stolen funds to decentralized lending platforms. According to data from Onchain Lens, they deposited 45 eBTC into Curvance as collateral and borrowed approximately $868,000 worth of wrapped Bitcoin (about 11.29 wBTC) using it.
Okay, so there’s been a pretty significant exploit. I just saw that Echo Protocol on Monad was hit, according to @dcfgod. Apparently, someone minted a huge amount of their token, $eBTC – around 1,000 of them, which is worth about $76.7 million. It looks like they used an exploit that had been tested before and moved the funds through Curvance. So far, they’ve deposited about 45 $eBTC, which comes out to around $3.45 million… I’m keeping a close eye on this to see how it unfolds, as it could affect the whole Monad ecosystem.
— Onchain Lens (@OnchainLens) May 18, 2026
Investigators tracking the stolen funds found that the attacker moved the borrowed assets to Ethereum, exchanged them for ETH, and then used Tornado Cash to obscure 385 ETH. PeckShield estimates that around $822,000 worth of ETH—about 384 ETH—had already been sent to this crypto mixing service.
Security researchers at PeckShield have reported a hack of the Echo Protocol on the Monad network. The attacker created (minted) $76.7 million worth of $eBTC and then deposited $3.45 million of it into Curvance. Using this deposit as collateral, they borrowed approximately $867,700 in $WBTC, transferred it to Ethereum, and then swapped it – indicating a likely attempt to cash out the stolen funds.
— PeckShieldAlert (@PeckShieldAlert) May 18, 2026
The vast majority of the stolen funds haven’t been moved yet. According to data from Lookonchain and DeBank, the hacker still holds approximately 955 eBTC, worth over $73 million.
DefiPrime’s founder, Nick Sawinyh, explained that the remaining tokens seem inaccessible because Monad’s lending platforms and decentralized exchanges don’t have enough liquidity to handle a large sell-off.
If you’re lending or borrowing on a new blockchain, here’s the key thing to remember: before you deposit any funds, carefully check what assets are being used as collateral, who can create them, and if there are any limits on how much can be created. As Sawinyh points out, if the lending platform can’t clearly explain who controls the creation of that collateral, you won’t be able to either.
Admin key compromise suspected
Echo Protocol first reported looking into a security problem with its Monad bridge. Later, blockchain developer Marioo clarified that the issue wasn’t a flaw in the bridge’s code, but instead happened because someone gained access to a private key used by an administrator.
Marioo found that the eBTC contract functioned correctly on a technical level, but several flaws in how it was operated enabled the attack to worsen. Specifically, a single person had full administrative control, there wasn’t a delay built in for important changes, there was no limit on how much eBTC could be created, and the system didn’t verify if the collateral backing new eBTC on Curvance was legitimate.
Curvance quickly confirmed the incident and temporarily stopped trading on the affected Echo eBTC market as a safety measure. They explained that the way the protocol is designed – with separate, isolated markets – prevented the problem from affecting other lending platforms. Curvance also confirmed that their own code hadn’t been hacked or compromised.
According to Monad co-founder Keone Hon, the blockchain network continued to function as expected and wasn’t compromised.
Just to be clear, the Monad network is working as usual and hasn’t been impacted. Security researchers have found that about $816,000 was taken due to a security issue with eBTC, a project by Echo Protocol.
— Keone Hon (@keoneHD) May 18, 2026
Hon later explained that security experts believe the exploit resulted in around $816,000 worth of value being stolen, even though a much larger amount of unauthorized items were created.
Echo Protocol, a platform that helps users trade Bitcoin and earn rewards on several blockchains like Aptos and Monad, has temporarily paused all transactions between different chains while they investigate a recent issue. The team will share more information as it becomes available through their official social media and website.
Several DeFi exploits have transpired in 2026
This security breach is the latest in a series of incidents impacting decentralized finance (DeFi) platforms this month. It follows a recent attack on Verus Protocol’s Ethereum bridge, which resulted in a loss of $11.6 million.
Earlier this year, two separate attacks caused significant financial losses in the crypto world. Drift Protocol lost around $285 million, and Kelp DAO suffered about $292 million in losses.
Recently, both THORChain and Transit Finance experienced security issues. THORChain paused trading after a potential $10 million exploit was identified by blockchain researcher ZachXBT. Transit Finance, meanwhile, revealed that an older, outdated smart contract was exploited, resulting in losses of almost $1.88 million.
Read More
- Re:Zero Season 4, Episode 6 Release Date & Time
- How to Get the Wunderbarrage in Totenreich (BO7 Zombies)
- NTE Drift Guide (& Best Car Mods for Drifting)
- How to Beat Turbines in ARC Raiders
- All Aswang Evidence & Weaknesses in Phasmophobia
- How to Get Necrolei Cyst & Strong Acid in Subnautica 2
- Where to Find Prescription in Where Winds Meet (Raw Leaf Porridge Quest)
- Conduit Crystal Location In Subnautica 2
- Diablo 4 Best Loot Filter Codes
- Best Where Winds Meet Character Customization Codes
2026-05-19 09:46