The attacker moved part of the funds through Curvance, bridged assets to Ethereum, and sent some ETH through Tornado Cash. Security researchers believe the incident was caused by a compromised admin private key rather than a smart contract flaw.
Hacker Exploits Echo Protocol
Echo Protocol suffered a major security breach after an attacker minted approximately 1,000 unauthorized eBTC tokens on the protocol, which operates on the Monad blockchain. The exploit resulted in roughly $76.7 million worth of synthetic Bitcoin being created without authorization. That makes it one of the latest large-scale attacks to hit the decentralized finance sector during an already difficult month for crypto security.
Blockchain security firms PeckShield and Lookonchain both reported the incident on Tuesday, while Echo Protocol later confirmed that it was investigating a security issue affecting its bridge infrastructure. The protocol also announced that all cross-chain transactions were suspended while the investigation continued.
The attacker quickly began moving portions of the stolen assets through decentralized finance platforms in an attempt to launder the funds. According to PeckShield, the hacker deposited 45 eBTC, valued at around $3.45 million, into Curvance, a DeFi lending and liquidity management platform. The attacker then borrowed approximately 11.3 wrapped Bitcoin worth about $868,000 against the collateral before bridging the assets to Ethereum.
After transferring the funds to Ethereum, the attacker swapped the assets into ETH and eventually sent around 384 ETH, valued at roughly $822,000, through Tornado Cash. Despite these movements, the majority of the stolen assets are still untouched.
Data from DeBank indicates that the attacker still controls approximately 955 eBTC, which is close to 95% of the stolen cryptocurrency and worth around $73 million.
Blockchain developer Marioo suggested that the exploit was not caused by a flaw in Echo Protocol’s smart contracts. Instead, the incident appears to have stemmed from an admin private key compromise. According to the developer, the problem was operational rather than technical, with the eBTC contract functioning as intended.
Several security weaknesses may have contributed to the scale of the exploit, including reliance on a single-signature admin role, the absence of a timelock mechanism, no minting supply cap or rate limit, and a lack of supply validation checks for newly minted collateral on Curvance.
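The four missing controls listed above, modelled off-chain as an added Python example. This is not Echo Protocol's or Curvance's code; the class and function names, thresholds and amounts are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class MintGuard:
    """Model of a guarded mint path. All parameters are illustrative assumptions."""
    signers: frozenset      # authorised admin keys
    threshold: int          # approvals required (M of N), instead of a single signer
    timelock: int           # seconds between queueing and execution
    supply_cap: int         # hard ceiling on total supply
    window: int             # rate-limit window, seconds
    window_limit: int       # max units minted per window
    total_supply: int = 0
    queued: dict = field(default_factory=dict)   # id -> [amount, eta, approvers]
    history: list = field(default_factory=list)  # (timestamp, amount) of executed mints

    def _check(self, signer):
        if signer not in self.signers:
            raise PermissionError("unknown signer")

    def queue(self, mint_id, amount, signer, now):
        self._check(signer)
        self.queued[mint_id] = [amount, now + self.timelock, {signer}]

    def approve(self, mint_id, signer):
        self._check(signer)
        self.queued[mint_id][2].add(signer)

    def execute(self, mint_id, now):
        amount, eta, approvers = self.queued[mint_id]
        if len(approvers) < self.threshold:
            return "rejected: approvals"      # one stolen key is not enough
        if now < eta:
            return "rejected: timelock"       # leaves time to detect and cancel
        if self.total_supply + amount > self.supply_cap:
            return "rejected: supply cap"
        recent = sum(a for t, a in self.history if now - t < self.window)
        if recent + amount > self.window_limit:
            return "rejected: rate limit"
        del self.queued[mint_id]
        self.total_supply += amount
        self.history.append((now, amount))
        return "minted"

def collateral_supply_ok(current_supply, checkpoint_supply, max_growth_bps):
    """Lending-side check: refuse new deposits when the collateral token's supply
    has grown more than max_growth_bps (basis points) since the last checkpoint."""
    return (current_supply - checkpoint_supply) * 10_000 <= checkpoint_supply * max_growth_bps
```

Any one of the four checks would have blocked or delayed a 1,000-unit mint signed by a single key in this model.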
Curvance stated that its own smart contracts were not compromised but confirmed that it paused the affected eBTC market while investigations continue. Monad co-founder Keone Hon also clarified that the Monad blockchain itself is unaffected and is operating normally.
The Echo Protocol exploit adds to a growing list of recent DeFi attacks, joining incidents involving THORChain, Verus Protocol’s Ethereum bridge, Transit Finance, TrustedVolumes, and Ekubo.