News
19 May 2026, 08:38
Echo Protocol exploit sparks alarm after $73M eBTC mint

The Bitcoin DeFi project Echo fell victim to an exploit on Monday. Blockchain security platform Lookonchain shows a hacker minted 1,000 eBTC ($76.64M) on Monad, and then collateralized 45 eBTC on Curvance to borrow 11.29 WBTC worth $867,700. The attacker later redirected the assets to Ethereum and converted them to native ETH while funneling 384 ETH into Tornado Cash. The attacker’s wallet still retains 955 eBTC of the fake supply, which the platform estimates is worth about $73.2 million. Blockchain firm OnChain Lens even confirmed: “The attacker still appears to control a significant amount of minted eBTC.” The incident comes as the DeFi sector continues to grapple with a rising wave of protocol breaches and private key compromises. Curvance says the exploit only affected Monad’s eBTC/WBTC market Monad and Curvance have both now publicly recognized the exploit. Monad Co-founder Keone Hon posted on X: We’re aware of an incident related to Echo Protocol’s eBTC on Monad, and security researchers are investigating. Keone Hon In another post, the founder noted they had lost about $816,000 to the exploit. Curvance also shared , “Out of an abundance of caution, the affected market has been paused while our team actively investigates the situation alongside ecosystem partners.” It also asserted that the attack was contained to Monad’s eBTC/WBTC market. Other Curvance pools and major cross-chain platforms, including Aave, Morpho, Spark, and Fluid, were untouched. Although it isn’t known exactly how the attacker managed to mint eBTC, experts suggested it could be due to a private key compromise, a deployment error, or a smart contract flaw. The attacker opted against a 1,000 eBTC DEX market dump to avoid the severe slippage caused by Monad’s shallow liquidity pool. Instead, they executed a lending-based extraction method, replicating the strategy used to siphon funds from Resolv and KelpDAO before. Have hackers been targeting more DeFi platforms? According to DeFiLlama, the DeFi space had already suffered 13 hacks this month before the Echo Protocol exploit. The Echo Protocol is also the third major decentralized finance platform to fall victim to an exploit in the last five days. As earlier reported by Cryptopolitan, THORChain was compromised on May 15, and hackers pocketed more than $10 million. THORChain suspended trading after the incident, reassuring users that only protocol-owned funds were affected. It acknowledged it “automatically detected abnormal behavior and halted signing activity,” which prevented more outbound transactions. Speaking on the attack, on-chain investigator ZachXBT said the exploiter targeted the platform across Bitcoin, Ethereum, BNB Chain, and Base. A subsequent exploit hit the Verus-Ethereum Bridge three days later, resulting in the loss of $11.58 million in digital assets. Security researchers at Blockaid traced the exploit to the wallet address “0x5aBb…D5777.” Blockchain security firm Peckshield also detailed that the exploiter made off with 103.6 tBTC, 1,625 ETH, and 147,000 USDC, later converting the assets into about 5,402 ETH. Another security firm reporting the attack, GoPlus, noted, “It is highly likely to be cross-chain message validation/signature forgery, withdrawal logic bypass, or access control flaw.” Meanwhile, the Verus team contended that it’s still investigating the incident. DeFi platforms have become a prime target for attackers in the last few years. DeFiLlama estimates that uninsured lending protocols have suffered $7.7 billion in exploit-related losses over the past 6 years. More than $600 million was lost to hacks this April, with Drift and KelpDAO taking major hits. More recently, Nexus Mutual’s Founder, Hugh Karp, even highlighted that many of the latest hacks were caused by operational failures, pointing to a mismatch between risk and insurance coverage. If you're reading this, you’re already ahead. Stay there with our newsletter .
19 May 2026, 07:40
Echo Protocol Recovers Private Key After Hack, Burns 955 eBTC

BitcoinWorld Echo Protocol Recovers Private Key After Hack, Burns 955 eBTC Echo Protocol, a DeFi project built on the Monad (MON) blockchain, announced today that it has regained control of a compromised private key following a security breach. The incident, which occurred earlier this morning, involved the unauthorized minting of eBTC on the Monad network, resulting in a significant loss of funds. The project confirmed on X that, after working with ecosystem partners to restore access, the team burned the remaining 955 eBTC held by the attacker. Timeline of the Incident According to Echo Protocol’s official statement, a private key associated with eBTC on the Monad network was stolen this morning. The attacker exploited this access to mint unauthorized eBTC, draining funds from the protocol. Within hours, the team collaborated with security partners and network validators to revoke the attacker’s access and regain control of the key. As a containment measure, the 955 eBTC remaining in the attacker’s wallet were burned, effectively removing them from circulation. Security Analysis and Implications Blockchain security firm Beosin analyzed the incident and confirmed that the root cause was a private key leak. This type of vulnerability is particularly dangerous in DeFi protocols because it bypasses smart contract audits and directly targets administrative access. The incident underscores a growing concern in the crypto space: even well-audited protocols remain vulnerable if private key management is not secured through multi-signature schemes, hardware security modules, or decentralized governance. What This Means for Monad and DeFi Users Monad is a relatively new Layer-1 blockchain designed for high throughput and Ethereum compatibility. While the network itself was not compromised, the hack raises questions about the security practices of projects building on emerging chains. For users, the event is a reminder to verify whether protocols use multi-signature wallets, time-locks, or other safeguards for administrative keys. Echo Protocol has not yet announced whether affected users will be reimbursed, but the burning of the attacker’s eBTC suggests a focus on limiting further damage. Conclusion Echo Protocol’s swift response and collaboration with ecosystem partners prevented a larger disaster, but the incident highlights persistent security risks in DeFi. As the investigation continues, the community will be watching for a post-mortem report and any plans for compensating victims. For now, the burning of 955 eBTC marks a decisive step in containing the fallout from a private key compromise. FAQs Q1: What exactly happened in the Echo Protocol hack? A private key controlling eBTC on the Monad network was stolen, allowing an attacker to mint unauthorized eBTC and drain funds. Echo Protocol regained control and burned the remaining 955 eBTC. Q2: Was the Monad blockchain itself compromised? No. The vulnerability was at the protocol level due to a private key leak, not a flaw in the Monad blockchain itself. Q3: Will affected users be compensated? Echo Protocol has not yet announced a compensation plan. The team is focused on securing the protocol and investigating the incident. This post Echo Protocol Recovers Private Key After Hack, Burns 955 eBTC first appeared on BitcoinWorld .
19 May 2026, 06:57
How did an attacker mint 1,000 unauthorised eBTC on Echo Protocol?

Bitcoin-focused DeFi platform Echo Protocol has suffered an exploit after an attacker minted roughly 1,000 unauthorised eBTC tokens on the protocol’s Monad deployment. According to blockchain security firm PeckShield and on-chain analytics platform Lookonchain, the attacker created around $76.7 million worth of synthetic Bitcoin tokens before attempting to extract value through decentralised lending markets. Echo Protocol later confirmed that it was investigating “a security incident impacting the Echo bridge on Monad,” while also stating that all cross-chain transactions had been suspended during the investigation. https://twitter.com/EchoProtocol_/status/2056561412554870810?s=20 Monad co-founder Keone Hon has clarified on X that the Monad network itself was operating normally and had not been compromised. Security researchers and blockchain developers later narrowed the incident down to what developer “Marioo” described as an operational failure tied to compromised admin credentials rather than a flaw in the smart contract code itself. According to the developer, the eBTC contract functioned as intended, but weak access control measures allowed the attacker to take over administrative permissions. How the exploit unfolded On-chain investigators said the attacker first assigned themselves the DEFAULT_ADMIN_ROLE on Echo’s eBTC contract before granting their wallet the MINTER_ROLE, which enabled the creation of new tokens without backing. After securing minting privileges, the attacker reportedly removed their own admin permissions to avoid retaining a visible administrative role on-chain. With those controls in place, the exploiter minted 1,000 eBTC tokens worth approximately $77 million on paper. Limited liquidity across the Monad ecosystem, however, prevented the attacker from converting most of the assets directly through decentralised exchanges. Instead, data shared by Onchain Lens and Lookonchain showed the attacker deposited 45 eBTC, valued at roughly $3.5 million, into DeFi lending protocol Curvance as collateral. Against those deposits, the attacker borrowed approximately 11.29 wrapped Bitcoin (WBTC) worth about $867,700. After bridging the borrowed WBTC to Ethereum, the exploiter swapped the assets into ETH and transferred roughly 384 to 385 ETH into crypto mixer Tornado Cash, according to multiple on-chain tracking accounts. Lookonchain and DeBank data indicated that the attacker still controls 955 eBTC worth around $73 million, though DefiPrime founder Nick Sawinyh said in a post that the remaining tokens were effectively unusable because Monad’s DeFi liquidity depth could not absorb the fake supply. Marioo also pointed to several security weaknesses that amplified the attack’s impact, including the use of a single-signature admin role, the absence of a timelock mechanism, no minting cap or rate limiter, and a lack of collateral sanity checks on Curvance for newly minted eBTC. Protocols move to contain damage As the exploit unfolded, Curvance said it detected an “anomaly” in the Echo eBTC market and paused the affected lending market while investigations continued. The protocol stated there was no indication that its own smart contracts had been breached, adding that its isolated market architecture prevented spillover into other lending pools. According to Hon, security researchers estimated realised losses at roughly $816,000, substantially below the paper value of the unauthorised mint because most of the fake eBTC supply could not be liquidated. Echo Protocol, which focuses on Bitcoin liquidity aggregation, liquid staking, restaking, and yield generation across multiple chains, has yet to disclose how the admin credentials were compromised. The protocol said further updates would be shared through official channels as the investigation progresses. The incident has added to a growing list of DeFi exploits recorded since the start of the year. As previously reported by Invezz , KelpDAO bridge infrastructure was compromised in an advanced RPC poisoning and distributed denial-of-service (DDoS) attack that resulted in a massive $292 million exploit. The post How did an attacker mint 1,000 unauthorised eBTC on Echo Protocol? appeared first on Invezz
19 May 2026, 06:03
ECHO Token Crashes Double Digits After Massive Echo Protocol Exploit

Bitcoin-focused DeFi protocol Echo Protocol was exploited on Monday in the latest security breach to hit the DeFi sector this month. The attack was first flagged by pseudonymous crypto influencer DCF GOD on X at around 5:55 p.m. ET. The exact cause of the incident has not yet been identified. Echo Protocol Exploit Findings by Onchain Labs reveal that the attacker allegedly minted 1,000 eBTC worth about $76.7 million and then used what was described as a previously tested exploit route involving Curvance. The exploiter reportedly deposited 45 eBTC, roughly worth $3.45 million, into Curvance as collateral before borrowing around 11.29 WBTC worth about $867,700. The borrowed WBTC was then bridged to Ethereum, swapped into ETH, and 385 ETH, which is valued at around $818,000, was later sent to Tornado Cash. Keone Hon, co-founder of Monad, later clarified that the Monad network itself was not impacted and continues to operate normally. Additionally, Curvance also stated that its smart contracts showed no signs of compromise and explained, “Due to Curvance’s fully isolated market architecture, no other markets are impacted. Out of an abundance of caution, the affected market has been paused while our team actively investigates the situation alongside ecosystem partners.” The hacker still holds approximately 955 eBTC worth more than $73 million, according to data shared by blockchain tracker Lookonchain. Meanwhile, Echo Protocol confirmed that they are currently investigating the security incident and have suspended all cross-chain transactions. ECHO Token Drops 12% Following news of the exploit, ECHO came under heavy selling pressure and fell more than 12%. At the time of writing, the token was trading near $0.0049. The Echo exploit followed two other major crypto hacks within four days, including attacks on THORChain with stolen funds of more than $10 million and the Verus-Ethereum Bridge, which saw $11.5 million being stolen. Overall, the Echo exploit has pushed the total number of security breaches recorded in May to 14. The post ECHO Token Crashes Double Digits After Massive Echo Protocol Exploit appeared first on CryptoPotato .
19 May 2026, 06:00
Echo Protocol Hit by $76M eBTC Minting Exploit

The attacker moved part of the funds through Curvance, bridged assets to Ethereum, and sent some ETH through Tornado Cash. Security researchers believe the incident was caused by a compromised admin private key rather than a smart contract flaw. Hacker Exploits Echo Protocol Echo Protocol suffered a major security breach after an attacker minted approximately 1,000 unauthorized eBTC tokens on the protocol, which operates on the Monad blockchain. The exploit resulted in roughly $76.7 million worth of synthetic Bitcoin being created without authorization. Because of this, it is one of the latest large-scale attacks to hit the decentralized finance sector during an already difficult month for crypto security. Blockchain security firms PeckShield and Lookonchain both reported the incident on Tuesday, while Echo Protocol later confirmed that it was investigating a security issue affecting its bridge infrastructure. The protocol also announced that all cross-chain transactions were suspended while the investigation continued. The attacker quickly began moving portions of the stolen assets through decentralized finance platforms in an attempt to launder the funds. According to PeckShield, the hacker deposited 45 eBTC, valued at around $3.45 million, into Curvance, a DeFi lending and liquidity management platform. The attacker then borrowed approximately 11.3 wrapped Bitcoin worth about $868,000 against the collateral before bridging the assets to Ethereum. After transferring the funds to Ethereum, the attacker swapped the assets into ETH and eventually sent around 384 ETH, valued at roughly $822,000, through Tornado Cash. Despite these movements, the majority of the stolen assets are still untouched. Data from DeBank indicates that the attacker still controls approximately 955 eBTC, which is close to 95% of the stolen cryptocurrency and worth around $73 million. Blockchain developer Marioo suggested that the exploit was not caused by a flaw in Echo Protocol’s smart contracts. Instead, the incident appears to have stemmed from an admin private key compromise. According to the developer, the problem was operational rather than technical, with the eBTC contract functioning as intended. Several security weaknesses may have contributed to the scale of the exploit, including reliance on a single-signature admin role, the absence of a timelock mechanism, no minting supply cap or rate limit, and a lack of supply validation checks for newly minted collateral on Curvance. Curvance stated that its own smart contracts were not compromised but confirmed that it paused the affected eBTC market while investigations continue. Monad co-founder Keone Hon also clarified that the Monad blockchain itself is unaffected and is operating normally. The Echo Protocol exploit adds to a growing list of recent DeFi attacks, joining incidents involving THORChain, Verus Protocol’s Ethereum bridge, Transit Finance, TrustedVolumes, and Ekubo.
19 May 2026, 03:00
Echo Protocol Halts Cross-Chain Operations After $76.7M Bridge Exploit

BitcoinWorld Echo Protocol Halts Cross-Chain Operations After $76.7M Bridge Exploit Echo Protocol, a Bitcoin liquidity project built on the Monad (MON) blockchain, has temporarily suspended all cross-chain transactions following a security breach on its bridge. The team confirmed the halt in a statement on X, noting that an investigation is underway. Onchain Lens, a blockchain analytics firm, estimated the exploit at approximately $76.7 million. Incident Details and Immediate Response The announcement came late on [date of event, e.g., March 20, 2026], with Echo Protocol stating that it had paused bridge operations as a precautionary measure. The team emphasized that further details would be shared through official channels as they become available. The exploit appears to have targeted the protocol’s cross-chain bridge, a critical component for moving assets between the Monad network and other blockchains. Onchain Lens reported that the stolen funds were moved to multiple external wallets, though the exact method of the attack has not yet been disclosed. Context and Market Implications This incident adds to a growing list of bridge-related exploits in the decentralized finance (DeFi) space, which have collectively resulted in billions of dollars in losses over the past several years. Bridges remain a high-risk target for attackers due to their complex architecture and the large pools of liquidity they manage. For Echo Protocol, which focuses on unlocking Bitcoin liquidity within the Monad ecosystem, the exploit raises questions about the security of its underlying infrastructure. The Monad blockchain, known for its high throughput and parallel execution capabilities, has been gaining traction among DeFi projects. However, security incidents like this can undermine user confidence and slow adoption. What This Means for Users and the Broader Market For users who have deposited assets into Echo Protocol, the immediate concern is the safety of their funds. The team has not yet confirmed whether user funds are affected or if a recovery plan is in place. Historically, some projects have been able to negotiate with attackers or deploy emergency measures to recover stolen assets, but outcomes vary widely. The broader DeFi market may see increased scrutiny of bridge security, potentially leading to tighter auditing requirements and insurance mechanisms. Regulators may also take note, as high-profile exploits often attract attention from agencies like the SEC and CFTC, particularly when they involve cross-chain transfers. Conclusion The Echo Protocol exploit is a significant event for the Monad ecosystem and the wider DeFi landscape. As the investigation unfolds, the community will be watching for updates on fund recovery, the root cause of the breach, and any changes to the protocol’s security posture. This incident underscores the persistent risks in cross-chain infrastructure and the importance of rigorous security practices for projects handling large liquidity pools. FAQs Q1: What is Echo Protocol? Echo Protocol is a Bitcoin liquidity project built on the Monad blockchain. It enables users to deploy Bitcoin in DeFi applications by providing cross-chain bridging services. Q2: How much was stolen in the exploit? Blockchain analytics firm Onchain Lens estimated the loss at approximately $76.7 million. The exact amount may change as the investigation progresses. Q3: Are user funds at risk? Echo Protocol has not yet confirmed the impact on user funds. The team is investigating the incident and has stated that further details will be shared through official channels. This post Echo Protocol Halts Cross-Chain Operations After $76.7M Bridge Exploit first appeared on BitcoinWorld .




































