TL;DR:
- Echo Protocol suffered a Monad deployment exploit after an attacker minted 1,000 unauthorized eBTC worth about $76 million to $77 million.
- Early reviews linked the breach to compromised administrative access affecting Echo infrastructure, while Monad itself was not described as compromised.
- The exploiter used 45 eBTC on Curvance to borrow 11.29 WBTC, routed ETH through Tornado Cash, while Echo burned roughly 955 eBTC after regaining control during the response.
Echo Protocol suffered a major security incident on its Monad deployment after an attacker minted 1,000 unauthorized eBTC, a synthetic Bitcoin asset valued at about $76 million to $77 million. The breach quickly became another test of confidence for cross-chain DeFi, because the headline figure looked catastrophic even as later estimates put realized stolen value closer to $816,000. For users and liquidity partners, the exploit exposed the gap between notional damage and recoverable loss, especially when unbacked assets can briefly interact with real borrowing markets under thin safeguards and urgent operational constraints.
#PeckShieldAlert @dcfgod reports that @EchoProtocol_ was hacked on @monad
The hacker minted 1k $eBTC ($76.7M) &, utilizing the tested flow, deposited 45 $eBTC ($3.45M) into Curvance. They then borrowed ~11.29 $WBTC ($867.7K) against it, bridged the $WBTC to #Ethereum, swappedā¦ https://t.co/DjgI0v85Rw pic.twitter.com/wNnA77UDuI
— PeckShieldAlert (@PeckShieldAlert) May 18, 2026
Unauthorized Minting Turns Into Liquidity Shock
Early security reviews linked the incident to compromised administrative access connected to Echoās infrastructure, not to a failure of the Monad network itself. That distinction matters because the exploit appears to have targeted privileged minting permissions rather than base-chain consensus. Echo said it was investigating a security issue affecting its bridge on Monad and suspended all cross-chain transactions while the review continued. The core risk was permission control, showing how a single administrative pathway can turn into systemic stress when it governs token issuance across a live DeFi deployment.
The attackerās route showed how synthetic supply can become real liquidity before teams react. After minting the unauthorized eBTC, the exploiter deposited 45 eBTC into Curvance, borrowed about 11.29 WBTC, bridged the assets to Ethereum, swapped them into ETH and routed roughly 384 to 385 ETH through Tornado Cash. Curvance paused the affected market while emphasizing that its own smart contracts did not appear compromised. The laundering path converted false collateral into external assets, making speed, monitoring and isolated market design critical parts of incident response.
The remaining supply became the containment question. Echo later regained control of the affected admin keys and burned about 955 eBTC, cutting off most of the unauthorized mint before it could be converted. That leaves a more complicated market narrative than the $76 million headline suggests: the nominal mint was massive, but the realized extraction was far smaller. Still, the incident leaves DeFi with another governance and key-management warning, because cross-chain systems can appear solvent until privileged access fails, at which point trust depends on how quickly contracts are paused, assets traced, users informed and privileged roles redesigned before similar bridges reopen under pressure across multiple liquidity venues in real time.
