$77M Lost in Echo Protocol eBTC Breach Following Administrator Key Hack
Approximately 5% of stolen funds have been funneled through Tornado Cash while the perpetrator retains control of the remaining 955 eBTC.
A security breach at decentralized finance platform Echo Protocol resulted in the unauthorized creation of approximately 1,000 eBTC tokens on the platform, which operates on the Monad blockchain network.
The security breach was disclosed on Tuesday by blockchain security company PeckShield alongside analytics service Lookonchain, with both entities confirming that an unauthorized party generated 1,000 synthetic Bitcoin (eBTC) tokens valued at approximately $76.7 million.
"We are currently investigating a security incident impacting the Echo bridge on Monad. All cross-chain transactions remain suspended while the investigation is underway," Echo Protocol said on Tuesday.
The exploit represents the latest in a series of security incidents this month, which has witnessed no fewer than 12 platform compromises, among them THORChain, Verus Protocol's Ethereum bridge, Transit Finance, TrustedVolumes and Ekubo.
Data from PeckShield reveals that the perpetrator made efforts to launder a portion of the stolen assets by depositing 45 eBTC valued at roughly $3.45 million into Curvance, a DeFi lending and liquidity management protocol.
Subsequently, the perpetrator obtained a loan of 11.3 wrapped Bitcoin (wBTC) valued at $868,000 using the deposited assets as collateral, transferred the tokens to the Ethereum network, converted them to ETH, and funneled 384 ETH worth approximately $822,000 into the Tornado Cash mixing service.
Data from DeBank indicates that the perpetrator continues to maintain possession of 955 eBTC valued at roughly $73 million.
Operating as a Bitcoin DeFi platform, Echo Protocol specializes in Bitcoin liquidity aggregation, liquid staking, restaking, and yield generation services. The platform generates unified, liquid BTC assets including eBTC that enable users to bridge and utilize in DeFi applications for generating additional yield. The protocol operates on Monad, a high-performance, layer-1, EVM-compatible blockchain.
Admin private key compromised
According to blockchain developer "Marioo," the incident stemmed not from a smart contract vulnerability, but rather from a compromised admin private key, with the fundamental cause being "operational, not technical."
The eBTC contract "worked exactly as designed," they said, while highlighting that the security weaknesses encompassed a single signature requirement for the admin role, absence of a timelock mechanism, lack of minting supply cap or rate limit restrictions, and the absence of a "supply sanity check" by Curvance for the newly minted collateral.
Curvance acknowledged awareness of the "anomaly" identified in the Echo eBTC market on Curvance and verified that its own smart contracts remained uncompromised. The platform suspended the impacted market pending further investigation.
Monad co-founder Keone Hon clarified on X that "the Monad network is not affected and is operating normally."
Echo Protocol has committed to releasing additional updates via its official communication channels as further details emerge.
DeFi hacks surge in 2026
The decentralized finance sector has faced substantial security challenges this year, with numerous protocols experiencing exploits resulting in hundreds of millions in stolen cryptocurrency and over 20 platforms ceasing operations.
Among the most significant security breaches this year were the Drift Protocol exploit, which resulted in losses of $285 million, and the Kelp DAO incident, which saw hackers extract $292 million in April.
Just one day prior, on Monday, the Verus Protocol's Ethereum bridge fell victim to an exploit involving a fraudulent cross-chain transfer message that enabled a hacker to extract no less than $11.6 million in cryptocurrency.
THORChain, a decentralized liquidity protocol, suspended trading operations on Friday following alerts from blockchain investigator ZachXBT regarding a suspected $10 million security exploit.
Additionally, Transit Finance experienced a security breach involving a deprecated smart contract exploit, which led to losses totaling $1.88 million last week.