- Echo Protocol paused its Monad bridge after an attacker minted about 1,000 unauthorized eBTC worth $76.7 million.
- On-chain data shows the attacker still holds about 955 eBTC, while roughly 384 ETH moved through Tornado Cash.
DeFi’s difficult year continued on Tuesday after Echo Protocol paused cross-chain activity following an exploit tied to its eBTC assets on Monad. The attacker minted about 1,000 unauthorized eBTC, with on-chain monitors valuing the tokens at roughly $76.7 million.
Echo Protocol confirmed that it was investigating a security incident affecting its bridge on Monad. The team also suspended all cross-chain transactions while it reviewed the breach. The move came after blockchain security firm PeckShield and analytics platform Lookonchain flagged the unauthorized mint.
#PeckShieldAlert @dcfgod reports that @EchoProtocol_ was hacked on @monad
The hacker minted 1k $eBTC ($76.7M) &, utilizing the tested flow, deposited 45 $eBTC ($3.45M) into Curvance. They then borrowed ~11.29 $WBTC ($867.7K) against it, bridged the $WBTC to #Ethereum, swapped… https://t.co/DjgI0v85Rw pic.twitter.com/wNnA77UDuI
— PeckShieldAlert (@PeckShieldAlert) May 18, 2026
The attacker did not immediately convert most of the newly created eBTC into other assets. His wallet still holds about 955 eBTC, valued at more than $73 million, according to on-chain data.Â
However, the attacker moved a smaller portion through DeFi markets. He deposited 45 eBTC, worth $3.45 million, as collateral with Curvance and then borrowed 11.3 wrapped Bitcoin, valued at nearly $868,000, before moving the assets to Ethereum.
After bridging the funds, the attacker swapped the WBTC into ETH and sent about 384 ETH, worth roughly $822,000, to Tornado Cash. The movement showed how fake collateral can still unlock real liquidity when lending markets fail to limit newly minted assets.
Echo Protocol operates as a Bitcoin-focused DeFi platform. It supports Bitcoin liquidity aggregation, liquid staking, restaking, and yield strategies through assets such as eBTC. The protocol uses eBTC to help users move Bitcoin-linked liquidity into DeFi markets across supported chains.
The incident drew attention to Monad, where Echo’s affected deployment operated. Monad co-founder Keone Hon said the network itself was not affected and continued to operate normally.Â
To clarify, the Monad network is not affected and is operating normally
Security researchers in their review have determined that ~$816,000 appears to have been stolen as a result of this exploit of @EchoProtocol_ 's eBTC
— Keone Hon (@keoneHD) May 18, 2026
Curvance also said its smart contracts were not compromised and paused the affected Echo eBTC market for review. The protocol also stated that its isolated market structure helped prevent the issue from spreading to other pools.
Echo Protocol Breach Deepens DeFi Security Concerns
Early findings show that Echo Protocol’s exploit likely came from a compromised admin private key, not a fault in the smart contract itself. Blockchain developer Marioo said the eBTC contract worked as intended, but operational weaknesses enabled the attacker to exploit privileged access.
The reported weaknesses included a single-signature admin role, no timelock, no minting cap, and no issuance rate limit. Researchers also pointed to the absence of stronger checks on freshly minted eBTC before Curvance accepted it as collateral.
Those details matter for DeFi lenders that support assets from newer protocols and chains. When a collateral token can be minted through a privileged key, lending markets need stronger limits before users deposit real assets against it.
Echo Protocol said it would continue to share updates through its official channels. For now, the bridge suspension remains a central response while the team reviews the incident and tracks the attacker’s wallet.
The Echo exploit adds to a growing list of DeFi attacks in 2026. Recent incidents include the Verus Protocol Ethereum bridge exploit, which involved a fraudulent cross-chain transfer message and resulted in at least $11.6 million in stolen crypto.
Other attacks have hit larger targets this year. Drift Protocol lost about $285 million, while Kelp DAO suffered a separate exploit worth roughly $292 million in April. THORChain also halted trading after investigator ZachXBT flagged a suspected $10 million exploit.
Transit Finance recently reported a deprecated smart contract exploit that caused nearly $1.88 million in losses.
