Crypto Hack Hits Echo As Monad’s eBTC Market Faces Fallout

bitcoinistPublished on 2026-05-19Last updated on 2026-05-19

Abstract

Echo Protocol is investigating a security incident on Monad involving its eBTC bridge. An attacker, via a compromised admin key, minted 1,000 eBTC (worth ~$76.64M), used 45 eBTC as collateral on Curvance to borrow ~11.3 WBTC (~$867K), bridged the WBTC to Ethereum, swapped it for ETH, and laundered funds through Tornado Cash. The attacker still held 955 eBTC. Echo suspended cross-chain transactions and later confirmed it regained control, burning the attacker's remaining eBTC. The exploit resulted in an estimated $816K loss, affected the eBTC market, but did not compromise the Monad network or Curvance's core contracts.

Echo Protocol is investigating a security incident involving its bridge on Monad after crypto on-chain analysts said an attacker minted 1,000 eBTC and used part of the position to extract WBTC liquidity through Curvance.

The first public alarm came from on-chain analyst DCF GOD, who wrote that Echo “may be hacked on Monad.” He added: “Someone minted 1k ebtc out of nowhere, max borrowed wbtc against it on Curvance, bridged, and tornado away.” A follow-up post pointed to a Monad transaction showing a 1,000 eBTC transfer on May 18 at 21:21:32 UTC.

$76M Crypto Mint Sparks Alarm

Lookonchain later mapped the reported sequence in more detail. According to the account, the attacker minted 1,000 eBTC, valued at about $76.64 million, deposited 45 eBTC worth roughly $3.45 million into Curvance, borrowed 11.3 WBTC worth about $867,000, bridged the WBTC to Ethereum, swapped it for 385 ETH worth about $821,000, and deposited the ETH into Tornado Cash. Lookonchain said the attacker still held 955 eBTC, valued at about $73.2 million.

Phylax Systems founder and CEO Odysseas Lamtzidis said the transaction trail pointed away from a Curvance lending flaw and toward a role-management compromise on the eBTC side. “Monad eBTC/Curvance trace: not a Curvance lending bug,” he wrote. “The eBTC admin granted DEFAULT_ADMIN_ROLE to 0x6A0109, who revoked admin, self-granted MINTER_ROLE, minted 1,000 eBTC, posted 45 eBTC as collateral, and borrowed ~11.296 WBTC.” Lamtzidis said the pattern “looks like admin-key/role compromise,” citing key transactions for the admin grant, mint and borrow.

Echo confirmed the incident without publishing a root-cause analysis. “We are currently investigating a security incident impacting the Echo bridge on Monad. All cross-chain transactions remain suspended while the investigation is underway. We will continue to provide timely updates through our official channels as more information becomes available.” The suspension makes the bridge the immediate operational focus, not simply the lending market that processed the collateral.

Curvance’s exposure appears to have come through the affected Echo eBTC market. Curvance paused that market while the teams investigated, and cited Curvance as saying there was no indication its smart contracts had been compromised and that its isolated-market architecture meant other markets were not affected. Also, Monad’s network itself was not affected.

Monad CEO Keone Hon wrote via X: “To clarify, the Monad network is not affected and is operating normally. Security researchers in their review have determined that ~$816,000 appears to have been stolen as a result of this exploit of Echo Protocol’s eBTC.

The incident illustrates a familiar bridge-to-lending failure pattern. Once a bridged or synthetic asset is treated as valid collateral, even a partial conversion path can turn a supply-side failure into real liquidity loss. In this case, the eBTC mint was used to borrow WBTC, move it off Monad, convert it into ETH, and route the funds through a mixer before the broader notional position was fully monetized.

Echo’s next update will need to answer several market-facing questions: whether the unauthorized eBTC has been neutralized, whether Curvance faces bad debt from the WBTC borrow, which bridge permissions or contracts were involved, and when cross-chain transactions can safely resume. Until then, the eBTC market on Monad remains the key pressure point for users trying to assess whether the incident was contained or merely slowed.

The Echo exploit also lands during a rough stretch for crypto infrastructure. On May 15, THORChain has lost more than $10 million across Bitcoin, Ethereum, BNB Chain and Base, including 36.75 BTC and roughly $7 million in other assets. Days later, the Verus-Ethereum Bridge was drained for about $11.5 million, with reports saying the attacker took 103.6 tBTC, 1,625 ETH and 147,000 USDC before consolidating the haul into roughly 5,402 ETH. Echo now gives markets another reminder that bridge design, collateral acceptance and liquidity routing remain one of DeFi’s most exposed attack surfaces.

[UPDATE from X:] Echo Protocol confirmed: “Earlier today, Echo Protocol identified unauthorized activity involving eBTC on Monad that resulted in unauthorized minting and associated fund loss. Our investigation indicates the issue originated from a compromised admin key affecting the Monad deployment. Based on current findings, approximately $816K was impacted on Monad. The Monad network itself was not impacted and continues to operate normally.

Since detecting the incident, we have been actively investigating potential cross-chain exposure, coordinating with ecosystem partners, and implementing additional precautionary measures. We have successfully regained control of our admin keys and burnt the remaining 955 eBTC that was in the attacker’s possession.”

At press time, the total crypto market cap stood at $2.54 trillion.

Total crypto market cap hovers above key support | Source: TOTAL on TradingView.com

Trending Cryptos

Related Questions

QWhat was the core vulnerability exploited in the Echo Protocol hack on Monad?

AThe core vulnerability was a role-management compromise on the eBTC side of the Echo Protocol. Specifically, the admin key was compromised, allowing an unauthorized actor to grant themselves the MINTER_ROLE, which was then used to mint 1,000 unauthorized eBTC tokens.

QWhat were the key steps the attacker took to extract value from the exploit?

AThe attacker first minted 1,000 eBTC. Then, they deposited 45 eBTC as collateral on the lending protocol Curvance, borrowed approximately 11.3 WBTC against it, bridged the WBTC to the Ethereum network, swapped it for 385 ETH, and finally deposited the ETH into the Tornado Cash mixer.

QWhat was the estimated financial impact of this security incident?

AApproximately $816,000 was directly stolen and moved off-chain. The attacker initially minted 1,000 eBTC valued at about $76.64 million, but the majority (955 eBTC worth ~$73.2 million) was later burnt by the Echo team after they regained control.

QAccording to the article, was the Monad network itself or Curvance's core contracts compromised?

ANo. Both Monad's network and Curvance's core smart contracts were not compromised. The incident was isolated to a compromise of Echo Protocol's admin key for its eBTC deployment on Monad. Curvance's isolated-market architecture also prevented the issue from spreading to its other markets.

QWhat actions did Echo Protocol take in response to the incident?

AEcho Protocol suspended all cross-chain transactions on its bridge. They coordinated with partners, investigated potential cross-chain exposure, implemented precautionary measures, successfully regained control of their compromised admin keys, and burnt the remaining 955 eBTC that was in the attacker's possession.

Related Reads

Nearly a Hundred Players Rush into Embodied Data: With 4.47 Billion Yuan in Financing in One Year, Who Can Really Make Money by 'Selling Data'?

The domestic embodied AI data industry has attracted nearly 100 players, with 70 focused on data collection and 27 on data infrastructure. In the past year, 15 independent embodied data service providers raised approximately 4.47 billion yuan. Despite this growth, the sector remains early-stage, fragmented, and faces significant challenges. Data collection methods are diverse, categorized into four main routes: teleoperation of real robots, human demonstration without a robot (using motion capture, exoskeletons, etc.), simulation synthesis, and distillation from internet videos. Most companies (43%) adopt hybrid approaches, combining multiple routes, as no single method can meet all training needs. Teleoperation alone is pursued by 31% of players, often by state-owned platforms and robot companies, while newer firms favor asset-light, no-hardware human demonstration. Independent data service providers now form the largest player group (40%), indicating the emergence of a distinct industry segment rather than just a subsidiary function for robot makers. Two-thirds of all players are "embodied-native" startups, while one-third are companies that pivoted from fields like AI data annotation, which are more prevalent in the data infrastructure layer. Current annual industry capacity is estimated at 1.6-1.8 million hours plus 70-80 million data points, with a short-term goal to increase this 15-20 fold within 1-3 years. Data collection factories are spread across 20 provinces in China, concentrated in the Yangtze River Delta, Beijing-Tianjin-Hebei, and Pearl River Delta regions. Financially, the 4.47 billion yuan raised in the past year pales compared to the 43.8 billion yuan raised by the broader embodied intelligence sector in just the first half of 2026, highlighting that data remains a less "sexy" bet for investors. The 15 funded independent providers show clear stratification: a top tier led by a unicorn (Lightwheel Intelligence, 3.1 billion yuan), a middle tier of 11 firms raising tens to hundreds of millions, and an early-stage tier of 3 companies. Sixty-nine investment institutions have participated, but none have made concentrated bets, reflecting uncertainty about viable business models. Over half of these funded companies are less than a year old, most are at pre-A or A rounds, and profitability remains largely unproven. In summary, the embodied data industry has become an independent track creating jobs and local economic activity. However, it is still nascent, with unformed consensus, unsolved problems, and unproven business models. The coming 1-2 years will be a critical validation window to see if companies can build sustainable, profitable businesses purely by "selling data."

marsbit3h ago

Nearly a Hundred Players Rush into Embodied Data: With 4.47 Billion Yuan in Financing in One Year, Who Can Really Make Money by 'Selling Data'?

marsbit3h ago

Dialogue with Multicoin Partner: The Crypto Market Has Bottomed Out, Favoring Three Cryptocurrencies in This Cycle

In a recent interview, Multicoin Capital managing partner Tushar Jain shared his views on the crypto market. He believes the market has bottomed and is at an inflection point, citing that negative news no longer causes significant price declines and application adoption continues to grow. Jain remains highly bullish on Solana, viewing it as the correct architectural choice for internet capital markets, particularly for spot and tokenized security trading. He is also positive on Hyperliquid, noting its leadership in decentralized derivatives trading. His investment approach focuses on concentrating capital in top convictions rather than equal allocation. A distinct opportunity he highlights is Zcash (ZEC), which he sees as a return to the industry's cypherpunk ethos and a potential top-five asset by market cap. For assets like Zcash without cash flows, his valuation framework is based on relative market cap ranking. Regarding investment strategy, Jain employs a "three-part" entry method to avoid timing pitfalls and emphasizes long-term "active management" over "active trading." He outlines four sources of investment edge: informational, analytical, behavioral/psychological, and structural. On portfolio management, the fund uses Bitcoin as its "cash," selling assets into Bitcoin during market euphoria to reduce beta risk and using Bitcoin to buy dips. Sales occur only if a better opportunity arises, the investment thesis breaks, or valuations become excessively overheated. While respectful of Ethereum's resilience, he questions its unclear scaling roadmap. Finally, Jain reaffirms his commitment to the thesis that blockchains will form the foundational architecture for future capital markets.

marsbit3h ago

Dialogue with Multicoin Partner: The Crypto Market Has Bottomed Out, Favoring Three Cryptocurrencies in This Cycle

marsbit3h ago

Trading

Spot

Hot Articles

Discussions

Welcome to the HTX Community. Here, you can stay informed about the latest platform developments and gain access to professional market insights. Users' opinions on the price of S (S) are presented below.

活动图片