Echo Protocol Exploited for $76.7M in Admin Key Hack

Echo Protocol, a Bitcoin-focused DeFi platform running on the Monad blockchain, was exploited for $76.7 million in synthetic Bitcoin (eBTC) following an admin key compromise. The attack, reported on May 18, allowed the hacker to mint 1,000 unauthorized eBTC tokens and siphon a portion of the stolen funds through Tornado Cash, a privacy-focused mixing service.

Blockchain security firms PeckShield and Lookonchain identified that 45 eBTC—roughly $3.45 million—was used as collateral on Curvance, a DeFi lending protocol. The attacker borrowed 11.3 wrapped Bitcoin (wBTC) worth $868,000, bridged the tokens to Ethereum, and converted them into ETH before routing $822,000 in ETH through Tornado Cash. Despite these efforts to obscure fund flows, the hacker still holds 955 eBTC, valued at about $73 million as of Bitcoin’s current price of $76,841.

Root Cause: Admin Key Vulnerabilities

Blockchain developer “Marioo” revealed the exploit stemmed from an administrative private key compromise rather than a smart contract flaw. The attacker exploited insufficient security measures, including the absence of multi-signature protection, timelocks, or minting limits on the eBTC contract. These operational lapses allowed the hacker to mint new tokens unchecked.

Echo Protocol has suspended all cross-chain activity on its platform and stated it is actively investigating the breach. The Monad blockchain itself, according to Monad co-founder Keone Hon, remains unaffected and continues to operate normally.

Rising Tide of DeFi Exploits in 2026

The Echo Protocol hack is the latest in a string of decentralized finance (DeFi) attacks this year. At least 12 protocols have been compromised in May alone, underscoring persistent vulnerabilities in token minting, collateral manipulation, and cross-chain processes. Notable incidents include the Drift Protocol and Kelp DAO exploits, which resulted in losses exceeding $285 million and $292 million, respectively.

Echo’s exploit also highlights a troubling pattern: the use of DeFi infrastructure to launder stolen funds. By leveraging platforms like Curvance, attackers can convert ill-gotten assets into other tokens and obscure their trail using mixers like Tornado Cash.

Market and Security Implications

This attack coincides with Bitcoin trading at $76,841, down 0.17% in the past 24 hours. While the price impact of this specific exploit appears muted, the broader trend of DeFi hacks has raised concerns among industry participants. The absence of stricter operational controls—such as multi-sig wallets and minting rate limits—continues to pose risks for platforms managing large-scale liquidity.

For traders, the Echo Protocol breach serves as another reminder of the risks associated with DeFi tokens. Investors in eBTC and related assets should monitor updates from Echo Protocol’s team and assess potential impacts on liquidity and trust in the platform.

As investigations continue, Echo Protocol has committed to providing updates through its official channels. The incident remains a stark warning for DeFi protocols: operational security is just as critical as technical innovation.

Image source: Shutterstock