Echo Protocol Exploit Results in $76M Loss Due to Compromised Admin Key

Echo Protocol Exploit Results in $76M Loss Due to Compromised Admin Key

First seen 19 May 2026, 15:23 UTC BitgetKucoinEn.BloomingbitPanewslabDecrypt.Co+5 89% similarity 68.2

Article Content

Browse articles
ThreatCluster

On May 19, 2026, Echo Protocol, a Bitcoin DeFi platform, suffered a significant exploit on the Monad blockchain, leading to the unauthorized minting of 1,000 eBTC valued at approximately $76 million. The breach was attributed to a compromised admin key, allowing the attacker to mint and subsequently launder around $816,000 through Tornado Cash. The hacker deposited 45 eBTC worth $3.45 million into the lending platform Curvance, borrowed 11.29 WBTC, and converted it to ETH. Echo Protocol confirmed that the Monad network itself was not compromised, and they have regained control of the admin keys and burnt the remaining eBTC held by the attacker. The incident has prompted Echo Protocol to suspend all cross-chain transactions and enhance security measures. The attack reflects ongoing vulnerabilities in DeFi protocols, particularly concerning centralized key management.

Key Points: • Echo Protocol lost approximately $76 million due to a compromised admin key. • The attacker laundered around $816,000 through Tornado Cash after minting unauthorized eBTC. • The incident highlights vulnerabilities in DeFi protocols reliant on centralized key management.

ThreatCluster AI

Timeline

2026-05-19
Echo Protocol exploit confirmed
Echo Protocol reported a security incident involving unauthorized minting of 1,000 eBTC due to a compromised admin key.
Decrypt.Co
2026-05-19
Funds laundered through Tornado Cash
The attacker laundered approximately $816,000 in ETH via Tornado Cash after exploiting the protocol.
Investing
2026-05-19
Cross-chain transactions suspended
Echo Protocol suspended all cross-chain transactions and enhanced security measures following the exploit.
Kucoin
2026-05-19
Monad network unaffected
Monad co-founder confirmed that the Monad network was not compromised and continues to operate normally.
Panewslab

Community

Browse all →