- The Echo Protocol attacker minted 1,000 fake eBTC worth $76.6 million.
- The attack was a result of hackers compromising an admin’s private key.
- Security researchers estimated actual losses near $816,000 due to weak liquidity.
Bitcoin DeFi protocol Echo Protocol suffered a major exploit after an attacker gained control of the protocol’s admin private key and minted 1,000 unauthorized eBTC on the Monad blockchain.
The fake mint carried a paper value of roughly $76.64 million. Most of the tokens remain stranded in the attacker’s wallet due to weak liquidity across Monad-based DeFi markets.
The exploit adds to a growing wave of DeFi attacks this month. May has already recorded at least 14 separate crypto hacks across protocols and bridges.
Attacker Used Fake eBTC as Loan Collateral
Blockchain investigators tracked the attacker’s movements shortly after the exploit surfaced. The wallet deposited 45 eBTC, worth around $3.45 million, into lending protocol Curvance as collateral. Against that position, the attacker borrowed 11.29 WBTC worth roughly $867,000.
The borrowed Bitcoin was bridged to Ethereum, swapped into ETH, then moved through Tornado Cash. On-chain data showed 384 ETH, worth about $822,000 at the time, entering the mixer.
The attacker still controls 955 eBTC valued at nearly $73 million on paper. Those tokens are not backed by real Bitcoin reserves.
Security researchers later estimated the actual realized theft at around $816,000 because Monad’s liquidity was too shallow for the attacker to offload the full supply.
Private Key Failure Triggered the Breach
Early findings point to an operational security failure rather than a smart contract flaw. Developers tracking the exploit said Echo Protocol relied on a single admin private key without multisig protection, timelocks, mint caps, or issuance rate limits.
Once the attacker obtained the admin role, they granted themselves minting authority and created the eBTC supply almost instantly.
The exploit exposed another weakness across DeFi lending systems. Curvance accepted the newly minted eBTC as collateral without verifying the supply’s integrity or the token’s origin before issuing loans.
Curvance later paused the affected market. The protocol stated that its isolated market design prevented damage from spreading into other pools.
On the other hand, Monad co-founder Keone Hon said the Monad blockchain itself was not affected by the exploit. Echo Protocol suspended all cross-chain transfers while investigations continue.
The protocol operates as a Bitcoin liquidity and yield platform that issues synthetic BTC assets like eBTC for use across DeFi applications.
Related: DeFi Insurance Gap Leaves Billions Exposed as Hacks Keep Rising
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
