Echo Protocol Exploit Results in $76M Loss Due to Compromised Admin Key
Severity: High (Score: 68.2)
Sources: Beincrypto, Investing, Decrypt.Co, Bitget, Panewslab
Keywords: bitcoin, echo, protocol, monad, exploit, defi, platform
Summary
On May 19, 2026, Echo Protocol, a Bitcoin DeFi platform, suffered a significant exploit on the Monad blockchain, leading to the unauthorized minting of 1,000 eBTC valued at approximately $76 million. The breach was attributed to a compromised admin key, allowing the attacker to mint and subsequently launder around $816,000 through Tornado Cash. The hacker deposited 45 eBTC worth $3.45 million into the lending platform Curvance, borrowed 11.29 WBTC, and converted it to ETH. Echo Protocol confirmed that the Monad network itself was not compromised, and they have regained control of the admin keys and burnt the remaining eBTC held by the attacker. The incident has prompted Echo Protocol to suspend all cross-chain transactions and enhance security measures. The attack reflects ongoing vulnerabilities in DeFi protocols, particularly concerning centralized key management.

Key Points:
- Echo Protocol lost approximately $76 million due to a compromised admin key.
- The attacker laundered around $816,000 through Tornado Cash after minting unauthorized eBTC.
- The incident highlights vulnerabilities in DeFi protocols reliant on centralized key management.
Detailed Analysis
**Impact**
The exploit affected Echo Protocol’s deployment on the Monad blockchain, resulting in unauthorized minting of 1,000 eBTC valued at approximately $76.7 million. Approximately $816,000 was laundered through Tornado Cash, with the remaining 955 eBTC tokens burned after recovery of admin keys. The Monad network itself was not compromised and continues normal operation. Cross-chain functionality on Monad and the Aptos bridge were suspended, impacting DeFi users relying on Echo’s Bitcoin liquidity aggregation and yield services, primarily in the decentralized finance sector.

**Technical Details**
The attacker exploited a compromised administrative private key with minting privileges on the Monad deployment of Echo Protocol, not a smart contract vulnerability. The breach involved unauthorized minting of 1,000 eBTC tokens, depositing 45 eBTC as collateral on Curvance, borrowing 11.29 WBTC, bridging assets to Ethereum, swapping for ETH, and laundering 384 ETH via Tornado Cash. The contract lacked a timelock and minting caps, and used a single-admin signature structure. No CVEs or malware were reported. The kill chain stage corresponds to credential compromise and unauthorized asset creation.

**Recommended Response**
Defenders should immediately revoke and rotate all administrative keys with minting privileges and implement multi-signature controls and timelocks on sensitive contract functions. Cross-chain bridges and lending markets should be suspended until security upgrades are verified. Deploy monitoring for unusual minting activity and large asset movements, especially involving cross-chain transfers and mixers like Tornado Cash. Harden operational security around key management and off-chain infrastructure to prevent similar credential compromises.
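The mint monitoring recommended above, sketched as an added example (not code from Echo Protocol or the cited articles). It checks indexed mint events against a per-mint cap, a rolling-window cap and a minimum approver count; the event fields, thresholds, 8-decimal unit and transaction labels are all assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

UNIT = 10**8  # assumption: token uses 8 decimals; confirm against the real contract


@dataclass(frozen=True)
class MintEvent:
    ts: int       # block timestamp in seconds
    tx: str       # transaction label (constructed placeholder, not a real hash)
    amount: int   # minted amount in base units
    signers: int  # distinct approvers the indexer observed for this mint (assumed field)


@dataclass(frozen=True)
class Policy:
    per_mint_cap: int  # largest single mint considered normal
    window_cap: int    # largest total minted inside one rolling window
    window_secs: int   # rolling window length in seconds
    min_signers: int   # approvals a multi-signature setup would require


def review_mints(events, policy):
    """Return [(tx, [reasons])] for every mint that violates the policy."""
    window, total, alerts = deque(), 0, []
    for ev in sorted(events, key=lambda e: e.ts):
        # Drop mints that have aged out of the rolling window.
        while window and window[0][0] <= ev.ts - policy.window_secs:
            total -= window.popleft()[1]
        window.append((ev.ts, ev.amount))
        total += ev.amount
        reasons = []
        if ev.amount > policy.per_mint_cap:
            reasons.append("per-mint cap exceeded")
        if total > policy.window_cap:
            reasons.append("rolling-window cap exceeded")
        if ev.signers < policy.min_signers:
            reasons.append("fewer approvers than required")
        if reasons:
            alerts.append((ev.tx, reasons))
    return alerts


POLICY = Policy(per_mint_cap=5 * UNIT, window_cap=20 * UNIT,
                window_secs=86_400, min_signers=2)
# Constructed sample: routine mints plus one 1,000-unit mint approved by a single key.
SAMPLE_EVENTS = [
    MintEvent(0, "tx-routine-1", 2 * UNIT, 3),
    MintEvent(3_600, "tx-routine-2", 4 * UNIT, 2),
    MintEvent(7_200, "tx-single-key-mint", 1_000 * UNIT, 1),
    MintEvent(7_300, "tx-routine-3", 1 * UNIT, 2),
    MintEvent(100_000, "tx-routine-4", 3 * UNIT, 2),
]
```

The mint that follows the oversized one is also flagged, because the rolling total stays above the window cap until the large mint ages out.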
Source articles (11)
- Bitcoin DeFi Platform Echo Protocol Hit By $76M Monad Exploit — Decrypt.Co · 2026-05-19
  Bitcoin liquidity aggregation and yield infrastructure layer, Echo Protocol, was hit by an exploit on its deployment on the Monad blockchain after an attacker minted 1,000 unauthorized eBTC worth appr…
- Aware of Echo Protocol Security Incident, Monad Network Unaffected — Bitget · 2026-05-19
  According to Odaily, Monad co-founder Keone Hon stated on X that the team is aware of a security incident related to EchoProtocol's eBTC. Security researchers are currently investigating the issue, Mo…
- Bitcoin DeFi Platform Echo Protocol Hit By $76M Monad Exploit — Decrypt.Co · 2026-05-19
  Bitcoin liquidity aggregation and yield infrastructure layer, Echo Protocol, was hit by an exploit on its deployment on the Monad blockchain after an attacker minted 1,000 unauthorized eBTC worth appr…
- The Monad network was unaffected by the Echo security incident and is operating normally. — Panewslab · 2026-05-19
  PANews reported on May 19th that Monad co-founder Keone Hon posted on the X platform that the Monad network was unaffected and operating normally, and security researchers are investigating the Echo P…
- Bitcoin Holds $75K Support Amid $76M Echo Protocol Exploit — Investing · 2026-05-19
  Echo Protocol, the popular Bitcoin liquidity aggregation and yield infrastructure layer, has suffered an exploit that cost the protocol $76 million. The exploit happened just as Echo Protocol was depl…
- Echo Protocol Security Incident on Monad Chain Involves Unauthorized eBTC Minting — Kucoin · 2026-05-19
  The Bitcoin liquidity protocol Echo Protocol suffered a security incident on the Monad chain. The attacker first unauthorized minted 1,000 eBTC, then used a portion as collateral to borrow assets and…
- Echo Protocol Hack Lifts May's Crypto Exploit Total to 14 — Beincrypto · 2026-05-19
  Echo Protocol suffered an exploit on Monad, with an attacker minting 1,000 eBTC worth roughly $76.64 million. Curvance paused the affected market while Echo Protocol suspended all cross-chain transact…
- We are investigating a security incident affecting the Echo cross — Panewslab · 2026-05-19
  PANews reported on May 19th that Echo Protocol announced on its X platform that it is investigating a security incident affecting the Echo cross-chain bridge on the Monad chain. All cross-chain transa…
- Echo Protocol Hack May Have Stemmed From Stolen Admin Key, Not Smart Contract Flaw — En.Bloomingbit · 2026-05-19
  The hack of Monad-based decentralized finance project Echo Protocol may have been caused by a stolen administrator private key rather than a smart contract flaw. Cointelegraph reported on May 19 that…
- Echo Protocol Investigates Security Incident on Monad Bridge, Suspends Cross — En.Bloomingbit · 2026-05-19
  Echo Protocol, a decentralized finance project on Monad, said it is investigating a security incident involving its bridge. In a post on X on May 18, the project said the incident occurred on the Mona…
- Monad co-founder confirms network unaffected by EchoProtocol security incident. — Kucoin · 2026-05-19
  Odaily Planet Daily reports: Keone Hon, co-founder of Monad, posted on X that the team has become aware of a security incident related to EchoProtocol’s eBTC. Security researchers are currently invest…
Timeline
- 2026-05-19 — Echo Protocol exploit confirmed: Echo Protocol reported a security incident involving unauthorized minting of 1,000 eBTC due to a compromised admin key.
- 2026-05-19 — Funds laundered through Tornado Cash: The attacker laundered approximately $816,000 in ETH via Tornado Cash after exploiting the protocol.
- 2026-05-19 — Cross-chain transactions suspended: Echo Protocol suspended all cross-chain transactions and enhanced security measures following the exploit.
- 2026-05-19 — Monad network unaffected: Monad co-founder confirmed that the Monad network was not compromised and continues to operate normally.
Related entities
- Lazarus Group (APT Group)
- Data Breach (Attack Type)
- Curvance (Platform)
- THORChain (Platform)
- Aptos (Platform)
- Echo Aptos Lending Service (Platform)
- Echo Lending Market (Platform)
- EVM Series Bridge Deployment (Platform)
- Hyperion (Platform)
- Monad Blockchain (Platform)
- Echo Protocol (Company)
- EchoProtocol (Company)
- KelpDAO (Company)
- Monad (Company)
- Monad Network (Company)
- TrustedVolumes (Company)
- Verus-Ethereum Bridge (Company)
- Ethereum (Company)
- X (Company)
- North Korea (Country)
- T1078 - Valid Accounts (MITRE ATT&CK)
- Tornado Cash (Tool)