n a significant security breach on May 18, 2026, Echo Protocol, a Bitcoin-focused DeFi platform deployed on the high-performance Monad blockchain, suffered an exploit via a compromised admin key. The attacker minted approximately 1,000 unauthorized eBTC tokens, creating roughly $76.7 million in unbacked synthetic Bitcoin at current prices.
The hacker exploited administrative privileges on the eBTC contract by assigning themselves the DEFAULT_ADMIN_ROLE and MINTER_ROLE. After minting the fake tokens, they removed their admin permissions to cover tracks. They then used about 45 eBTC as collateral on Curvance to borrow real wrapped Bitcoin (WBTC) assets, extracting over $816K–$822K in actual value. The stolen funds were routed through mixers like Tornado Cash for obfuscation.
Echo Protocol responded swiftly by pausing all cross-chain bridge operations, reclaiming control of the admin key, and burning the majority of the remaining fake eBTC (around 955 tokens) left in the attacker’s wallet. The team confirmed that the core blockchain remained secure and launched a full investigation. No widespread user fund losses beyond the extracted amount have been reported so far.
This incident underscores ongoing risks in DeFi, particularly around admin key management and single-signature vulnerabilities. It marks another high-profile exploit in a string of recent attacks, highlighting the need for stronger security practices like multi-signature wallets and rigorous audits as the ecosystem matures. Users are advised to remain vigilant and follow official channels for updates.
