Decentralized finance protocol Echo Protocol suffered a major security incident after an attacker compromised the admin private key and minted approximately 1,000 eBTC tokens on the Monad blockchain. Blockchain analytics firm PeckShield and on-chain monitoring service Lookonchain both identified the exploit on May 19, noting that the minted synthetic Bitcoin tokens had a notional value of roughly $76.7 million.
Investigation details indicate the exploit resulted from operational misconfigurations rather than smart contract code vulnerabilities. Single-signature admin role, absence of a multi-signature governance module, and lack of supply caps enabled the attacker to invoke the mint function without triggering any internal supply sanity checks. The protocol’s timelock and rate limiting mechanisms were not engaged, allowing instantaneous unauthorized token creation.
Following minting, the attacker attempted to launder part of the proceeds by depositing 45 eBTC into the Curvance lending and liquidity management protocol. The attacker borrowed 11.3 wrapped Bitcoin (wBTC) against the deposit, bridged funds to Ethereum, and swapped tokens for 384 ETH. Tornado Cash was used as the mixing service, through which $822,000 worth of ETH was routed. Blockchain forensic data shows 955 eBTC, valued at approximately $73 million, remained in the attacker’s address until Echo Protocol regained control of the compromised admin key. Protocol administrators subsequently burned the 955 eBTC, neutralizing most of the unauthorized supply.
Protocol team statements confirmed cross-chain transactions remain suspended pending a full audit of governance and operational controls. Monad network co-founder Keone Hon verified that the underlying layer-1 blockchain was unaffected and continued normal operations. Curvance paused the affected eBTC market to contain risk and prevent secondary exploits.
The incident underscores an industry-wide surge in DeFi protocol exploits during 2026, as operational governance failures become focal points for attackers. Notable examples include THORChain’s $10 million exploit on May 15 and the Verus Protocol cross-chain bridge hack that drained $11.6 million. Combined losses from protocol hacks in May now exceed $100 million, fueling calls for standardized operational audits and multi-signature governance models in smart contract deployments.
Security experts recommend adoption of timelock contracts, supply caps, multi-signature roles, and decentralized autonomous organization (DAO) frameworks to mitigate single-point-of-failure risks. Industry participants await Echo Protocol’s post-mortem report to assess long-term governance improvements and restitution plans for affected liquidity providers and token holders.
Comments (0)